Blind SSRF

  • The result of the back-end request is not visible in the application's response
  • Harder to exploit, but can lead to full remote code execution (RCE)

Finding the Hidden Attack Surface

  • Partial URLs in requests
  • URLs within data formats
    • An example is the XML data format
    • If an application parses XML data, it might be vulnerable to XXE injection
  • SSRF via the Referer header
    • Can exploit server-side analytics software that tracks visitors
    • Analytics software will often visit any third-party URL that appears in the Referer header
    • The application can be exploited by setting the Referer header to a malicious site or code