Intro to SSRF
May 18, 2025
Definition
Server-side Request Forgery
It allows a malicious user to cause the web server to make an additional or edited HTTP request to a resource of the attacker’s choosing.
We had the original URL as https://website.thm/item/2?server=api
and we wanted to access https://server.website.thm/flag?id=9&x
I noticed that the server parameter is added to the start of the URL, so we can append our desired destination and then add (&x) to make the website ignore the rest of the URL:
https://website.thm/item/2?server=server.website.thm/flag?id=9&x
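The root cause on the server side, as an added example that is not code from the original page: a handler that concatenates the server value into the outbound URL, next to a version that only accepts known backend labels. The suffix template, the allowlist and all function names are assumptions, since the page does not show the backend code.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumed backend template (not shown on the page): the "server" value goes
# at the start of the outbound URL and a fixed suffix is appended after it.
SUFFIX = ".website.thm/api/item?id={item_id}"
ALLOWED_SERVERS = {"api"}  # hypothetical allowlist of backend labels

# Value of the server parameter taken from the page's example URL.
PAGE_PAYLOAD = "server.website.thm/flag?id=9&x"


def build_url_vulnerable(server, item_id):
    """Plain concatenation: the caller controls everything before SUFFIX."""
    return "https://" + server + SUFFIX.format(item_id=item_id)


def build_url_hardened(server, item_id):
    """Accept only known labels, so '/', '?', '&' and '.' never reach the URL."""
    if server not in ALLOWED_SERVERS:
        raise ValueError(f"server {server!r} is not an allowed backend")
    return f"https://{server}.website.thm/api/item?id={int(item_id)}"


def describe(url):
    """Return (host, path, query parameters) as an HTTP client would see them."""
    parts = urlsplit(url)
    return parts.hostname, parts.path, dict(parse_qsl(parts.query))


if __name__ == "__main__":
    for value in ("api", PAGE_PAYLOAD):
        url = build_url_vulnerable(value, 2)
        print("vulnerable:", url, "->", describe(url))
        try:
            print("hardened:  ", build_url_hardened(value, 2))
        except ValueError as err:
            print("hardened:   rejected:", err)
```

With the page's value, the fixed suffix ends up inside the query string as a meaningless parameter name starting with x, which is why the request reaches /flag on server.website.thm and the rest of the URL is ignored.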
Searching for SSRF
When a full URL is used in a parameter in the address bar: https://website.thm/form/?server=https://server.website.thm/store
A hidden field in a form:

A partial URL such as just the hostname: https://website.thm/form/?server=api
Or perhaps only the path of the URL: https://website.thm/form/?server=/forms/contact