Published on

A Report On a SSRF Finding

Somewhere around July/August I enrolled in a platform to learn about hacking web hacks practically. I was able to find 10 bugs and submitted report for 5 of them until I decided to move onto Portswigger.

My findings were mostly related to IDOR, Information Disclosure, IDOR leading to admin access to a certain feature and SSRF.

Below is a report that I submitted for SSRF finding, I had to redact the domain name as it was not allowed to disclose the findings in public space.

SSRF on External Image URL

0.png

We have an SSRF vulnerability present when we add a new dog for a user on page **http://redacted.com:52697/dog/new**

We have facility to either upload image for dog either directly from our system or from an url.

When we utilise external url functionality we can exploit make a call to internal of the server and exploit SSRF. Here the backend reads the content ( and type ) of the resource available at that url and copies it locally.

  1. Url to be added in form
1.png
  1. Modifying burp POST request for /dog/upload-image-from-url
2.png
  1. Resultant Response
3.png
  1. Resultant content of the file
4.png