Introduction

We covered SSRF vulnerability as part of TryHackMe SSRF room from the Junior Penetration Tester pathway.

Get the OSCP Certification Notes

What is an SSRF?

SSRF stands for Server-Side Request Forgery. It’s a vulnerability that allows a malicious user to cause the webserver to make an additional or edited HTTP request to the resource of the attacker’s choosing.

Types of SSRF

There are two types of SSRF vulnerability; the first is a regular SSRF where data is returned to the attacker’s screen. The second is a Blind SSRF vulnerability where an SSRF occurs, but no information is returned to the attacker’s screen.

What’s the impact?

A successful SSRF attack can result in any of the following:

  • Access to unauthorised areas.
  • Access to customer/organisational data.
  • Ability to pivot into internal networks.
  • Reveal authentication tokens/credentials.
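On the defensive side, the standard mitigation is to validate a user-supplied URL against an allow list before the server fetches it. The following is an added Python example, not code from the TryHackMe room or this post; the hosts in ALLOWED_HOSTS and the addresses used below are constructed, and the DNS resolver is injected as a function so the check can be exercised offline.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed allow list for this example: the only schemes and hosts the
# server is permitted to fetch from. Anything else is rejected by default.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com"}


def is_internal_address(ip_text):
    """True for loopback, private, link-local, reserved or otherwise
    non-global addresses, including IPv4 addresses mapped into IPv6."""
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not ip.is_global


def validate_fetch_url(url, resolver):
    """Decide whether the server may fetch ``url``.

    ``resolver(host)`` returns the list of IP strings the host resolves to
    (injected so the check runs without network access). Returns an
    (allowed, reason) tuple so the caller can log why a URL was refused.
    """
    parts = urlparse(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    # "https://trusted@other.example/" has hostname other.example; refuse
    # embedded credentials rather than letting them confuse the check.
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return False, "host not on allow list"
    # The allow list is by name, so also check where the name points:
    # a permitted hostname can still resolve to an internal address.
    addresses = resolver(host)
    if not addresses:
        return False, "host did not resolve"
    for address in addresses:
        if is_internal_address(address):
            return False, "host resolves to internal address"
    # The caller should connect to one of the addresses returned here rather
    # than resolving the name again, so the answer cannot change between
    # this check and the actual fetch.
    return True, "ok"
```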

Answers

What does SSRF stand for?

As opposed to a regular SSRF, what is the other type?

What is the flag from the SSRF Examples site?

What website can be used to catch HTTP requests from a server?

What method can be used to bypass strict rules?

What IP address may contain sensitive data in a cloud environment?

What type of list is used to permit only certain input?

What type of list is used to stop certain input?

What is the flag from the /private directory?

Video Walkthrough

About the Author

I create cyber security notes, digital marketing notes and online courses. I also provide digital marketing consulting including, but not limited to, SEO, Google and Meta ads, and CRM management.
