SSRF - Server-Side Request Forgery

How the vulnerability arises:
SSRF (Server-Side Request Forgery) is a vulnerability in which an attacker constructs a request that is then initiated by the server itself. Under normal circumstances, the target of SSRF is the site's internal systems.
(Because the server sits inside the network, it can reach internal hosts that cannot be accessed from the outside; the target site effectively becomes a middleman.)

SSRF mostly arises because the server offers a feature that fetches data from other servers or applications without filtering or restricting the destination address. Examples include fetching the text of a web page from a specified URL, or loading images, documents and so on from a specified address.

Attack impact:
1. From the external network, port-scan the internal network the server resides in and grab banners to obtain information about internal services.
2. Attack applications running on the intranet or on the local host.
3. Fingerprint intranet web applications and identify the company's internal information assets.
4. Attack web applications outside the network, mainly attacks that can be carried out with an HTTP GET request (e.g. Struts2, SQLi).
5. Read local files using the file protocol.

Defense strategy:
1. Restrict the protocol to HTTP and HTTPS.
2. Restrict (do not follow) 302 redirects.
3. Set a URL whitelist, or limit the IP addresses/network ranges the server is allowed to request.
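The three defenses above combined in one URL check, as an added example that is not part of the original post. It assumes a hypothetical "load image from URL" feature with a constructed host allowlist and a constructed fake DNS table (so it runs offline); the hostnames and addresses are placeholders, not values from the page.

```python
import ipaddress
import socket
import urllib.error
import urllib.request
from urllib.parse import urlparse

# Constructed allowlist for a hypothetical "load image from URL" feature.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com"}

# Constructed fake DNS table so the example runs offline; a real deployment
# resolves through socket.getaddrinfo (see resolve_host below).
DEMO_DNS = {
    "images.example.com": {"93.184.216.34"},  # a public address
    "cdn.example.com": {"10.0.0.5"},          # an allowlisted name that (mis)resolves internally
}


def demo_resolve(host: str) -> set[str]:
    """Offline stand-in for DNS: returns the constructed addresses for a host."""
    if host not in DEMO_DNS:
        raise socket.gaierror(f"unknown host {host}")
    return DEMO_DNS[host]


def resolve_host(host: str) -> set[str]:
    """Real resolver: every address the name maps to (A and AAAA)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_public_ip(ip_str: str) -> bool:
    """True only for globally routable unicast addresses. Rejects RFC 1918,
    loopback, link-local (169.254.0.0/16, i.e. cloud metadata), multicast,
    reserved and unspecified addresses, for both IPv4 and IPv6."""
    ip = ipaddress.ip_address(ip_str)
    return ip.is_global and not (ip.is_multicast or ip.is_reserved)


def validate_fetch_url(url: str, allowed_hosts=ALLOWED_HOSTS, resolve=resolve_host):
    """Apply defenses 1 and 3: protocol allowlist, host allowlist, and a check
    that every address the host resolves to is public (not intranet/loopback)."""
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    # urlparse().hostname strips userinfo and port, so a URL such as
    # http://images.example.com@10.0.0.5/ yields "10.0.0.5", not the allowlisted name.
    host = parsed.hostname
    if not host:
        return False, "no host"
    if host.lower() not in allowed_hosts:
        return False, "host not in allowlist"
    try:
        addrs = resolve(host)
    except OSError:  # socket.gaierror is a subclass of OSError
        return False, "dns failure"
    for addr in addrs:
        if not is_public_ip(addr):
            return False, f"resolves to non-public address {addr}"
    return True, "ok"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Defense 2: refuse every 3xx. A redirect to an internal address would
    otherwise bypass the checks done on the original URL."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        raise urllib.error.HTTPError(req.full_url, code, "redirect refused", headers, fp)


def safe_fetch(url: str, timeout: float = 5.0) -> bytes:
    """Validate, then fetch without following redirects."""
    ok, reason = validate_fetch_url(url)
    if not ok:
        raise ValueError(f"refusing to fetch {url!r}: {reason}")
    opener = urllib.request.build_opener(_NoRedirect())
    with opener.open(url, timeout=timeout) as resp:
        return resp.read()


if __name__ == "__main__":
    for candidate in ("http://images.example.com/a.png",
                      "file:///etc/passwd",
                      "http://images.example.com@10.0.0.5/",
                      "http://cdn.example.com/logo.png"):
        print(candidate, "->", validate_fetch_url(candidate, resolve=demo_resolve))
```

One caveat the check itself cannot cover: the address validated here is not necessarily the one the HTTP client connects to a moment later (DNS rebinding / TOCTOU). A hardened fetcher resolves once, checks the address, and then connects to that exact address with the Host header set to the allowlisted name.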

Where to look for SSRF vulnerabilities (places where the vulnerability commonly appears):
Note: personally, I feel that every parameter that fetches an external resource may have an SSRF vulnerability.
1. Sharing: sharing web page content via a URL address
2. Transcoding services
3. Translation services
4. Image loading and downloading: loading or downloading images via a URL
5. Image and article collection (clipping) functions
6. Undocumented API functions and other calls that take a URL
7. Look for keywords in the URL

SSRF vulnerability verification method:
1. Because SSRF is a vulnerability in which the server sends the request, we can capture traffic and analyse whether the request was sent by the server, and thereby determine whether an SSRF vulnerability exists.
2. Look in the page source for the address used to access resources; if the address is of the form www.baidu.com/xxx.php?image=(address), an SSRF vulnerability may exist.

Origin: blog.csdn.net/AmyBaby00/article/details/104461772