To run this code locally, store it as server.rb, run gem install sinatra, followed by ruby server.rb. For the sake of this blog post, let’s assume we have a server that runs on the following Ruby code:įormat 'RESPONSE: %s', open(params).read For How To articles, it often works best to set up a vulnerable application locally for you to play around with it. When you can make the server do a request to another server, it might be an SSRF. This post will explain in which scenarios this is a security vulnerability and how you can exploit it. Until recently, their link expansion used to be vulnerable to an SSRF vulnerability. In order to download that information, a Twitter server makes an HTTP request to this page and extracts all the information it needs. The image, title, and description come from the HTML that this page returns. For example, when you’d tweet this blog post, an avatar would show up for this post on Twitter. It happens that an online application requires outside resources. This post will go over the impact, how to test for it, the potential pivots, defeating mitigations, and caveats.īefore diving into the impact of SSRF vulnerabilities, let’s take a moment to understand the vulnerability itself. Server-Side Request Forgery, SSRF for short, is a vulnerability class that describes the behavior of a server making a request that’s under the attacker’s control.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |