SSRF vulnerability is one of the security vulnerabilities well-known to penetration test engineers. This vulnerability is more harmful, and it is easy to appear in various function points, and it is also very difficult to defend. So what is the SSRF vulnerability in network security? What are the reasons for its formation? Let's take a look at the specific content introduction.
What is SSRF?
SSRF server request forgery is a security hole constructed by an attacker to form a request initiated by the server. In general, SSRF is the internal system of the target website.
What is the cause of formation?
Most of the reasons for the formation of SSRF are that the server provides the function of obtaining data from other server applications, and does not filter and restrict the target address. For example, get the text content of the webpage from the specified URL address, load pictures, documents, etc. at the specified address.
What are the attack methods of SSRF?
1. Port scanning can be performed on the external network, the internal network where the server is located, and locally to obtain the banner information of some services
2. Attack applications running on the intranet or locally
3. Perform fingerprint identification on intranet web applications by accessing default files
4. Attacking web applications on the internal and external networks is mainly an attack that can be achieved by using get parameters
5. Use the file protocol to read local files, etc.
How to fix bugs?
1. Use address whitelist
2. Identify the returned content
3. When the whitelist cannot be used because Internet resources are required: first disable CURLOPT_FOLLOWLOCATION; then obtain the target ip through the domain name and filter the internal ip; finally identify whether the returned content is consistent with the assumed content.