This may allow an attacker to gain access to internal account information, such as the user's e-mail address, or to change internal account information, such as the user's password. A remote attacker may also be able to hijack the user's session or obtain sensitive information about the application, such as the list of installed add-ons.

The following is an example of an input field in a form that is being populated using the multipart/form-data content type.

-------------------------- input --------------------------
name='foo' value='bar'
-- multipart/form-data
--------------------------

This input may be vulnerable to SSRF. In addition, the following may be vulnerable if the application accepts forms of this type:

- Public files
- Internal files
- Dynamic files
- RSS feeds
- Bookmarks
- User-uploaded files
- Config files
- etc.

The following example shows how an attacker may be able to inject arbitrary HTML code into the name input field via SSRF.

<input type='hidden' name='foo' value='<script>alert('xss')</script>'>
-- multipart/form-data --
--------------------------

Public files

Public files may be vulnerable to SSRF if the application uses a third-party library that accepts files of the given type, such as XMLHttpRequest. The following is an example of an input field in a form that is being populated using the multipart/form-data content type.

-------------------------- input --------------------------
name='foo' value='bar'
-- multipart/form-data
--------------------------

This input may be vulnerable to SSRF.

Command Injection

SSRF is a vulnerability that allows an attacker to access sensitive information by using a web application's URL. If a company is not careful when developing its own website, it could be vulnerable to this type of attack.

Timeline

Published on: 07/27/2022 14:15:00 UTC
Last modified on: 08/03/2022 14:01:00 UTC
