Questions tagged [ssrf]

Server Side Request Forgery (SSRF) is a vulnerability that appears when an attacker has the ability to create requests from the vulnerable server.

It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network. Additionally, an attacker can leverage SSRF to reach services on the same server that listen only on the loopback interface (for instance, 127.0.0.1).

16 questions
6
votes
2 answers

Unable to rectify VeraCode CWE ID 918 - (SSRF) in ASP.NET

Long story short, no matter what I try VeraCode continues to flag 8 lines of my code as flaws with CWE 918. This is old code so I'm not sure why it's suddenly being flagged. Here's an example [offending] method with the flagged line in bold public…
Sirentec
  • 744
  • 9
  • 18
4
votes
0 answers

How to check if URL is public (anti-SSRF)?

I have a form on the site which allows the user to input URL - node.js app will then use request module to fetch that URL, analyze the response, and print some data back to the user. I want to make sure rogue users are unable to input intranet…
Fluffy
  • 24,946
  • 33
  • 140
  • 221
3
votes
1 answer

Mitigating the risk of Server-Side Request Forgery when downloading files with the .NET Framework

Question: If I have an untrusted, user-supplied URL to a file, how do I protect myself against server-side request forgery when I download that file? Are there tools in the .NET Framework (4.8) base class library that help me, or is there some…
Heinzi
  • 151,145
  • 51
  • 326
  • 481
3
votes
1 answer

How to check whether the request.getQueryString() method of HttpServletRequest is susceptible to an SSRF attack?

In my current application, which is in Spring MVC, we have code like below for the gateway module. URI uri = new URI(restURLProtocol, null, URLDomain, URLPort, "/api" + request.getRequestURI(), request.getQueryString(), null); Gateway module will call…
hemant
  • 544
  • 2
  • 13
  • 35
2
votes
1 answer

Unable to fix veracode cwe id 918 flaw (SSRF) when using API gateway pattern in a Microservices architecture

I am using the API Gateway Pattern in a microservices architecture in which the Front End Angular app makes an HTTP request to my API Gateway project, which is simply an ASP.NET Core 3.1 Web API project. Currently I only have 2 microservices and an API…
2
votes
1 answer

How can I prevent SSRF via pathinfo passing a URL in PHP?

After scanning through our code using Acunetix for vulnerabilities, we had an issue with the following script which said: "An HTTP request was initiated for the domain hit0yPI7kOCzl.bxss.me which indicates that this script is vulnerable to SSRF…
chris
  • 585
  • 1
  • 7
  • 25
2
votes
1 answer

Security considerations with server side urllib2.urlopen with url from user

I'd like users to be able to upload images from the web by providing a URL. I don't think I can get the client to fetch the image and upload it due to possible CORS issues and hotlink prevention, so I'm getting the server to do it. The biggest…
jozxyqk
  • 14,520
  • 8
  • 69
  • 153
1
vote
0 answers

Java Detect SSRF: How to detect 0177.1

I want to detect SSRF by validating whether a host is localhost. But I cannot detect the address "0177.1" as localhost. I tried this code to detect if a host is a localhost. public static boolean isLocalAddress(InetAddress address) { if…
David
  • 45
  • 2
  • 7
1
vote
1 answer

SSRF CheckMarx Vulnerability for String input parameter

I am running a CheckMarx scan for one of my projects and it comes back with an SSRF vulnerability for one of the input string parameters of a method. My method is something like below and the SSRF vulnerability is reported for parameter param1. public String…
Prasann
  • 983
  • 1
  • 8
  • 17
0
votes
0 answers

Django server-side request forgery with fake host header

I have a Django app using the built-in setting called ALLOWED_HOSTS, which whitelists request Host headers. This is needed as Django uses the Host header provided by the client to construct URLs in certain…
M3RS
  • 4,254
  • 1
  • 24
  • 40
0
votes
0 answers

Getting Server-Side Request Forgery (SSRF) (CWE ID 918) restTemplate.getForEntity

I am using restTemplate for synchronous inter-service communication in a microservices architecture. When we completed the Veracode scan, we got Server-Side Request Forgery (SSRF) (CWE ID 918) in getForEntity…
SSK
  • 2,311
  • 4
  • 17
  • 32
0
votes
0 answers

Can an xmlns reference be used for SSRF/XXE?

I know about inserting external entities (XXE injection). But how about namespaces? Are there any attacks known? What's the difference? Would it be possible to insert some sensitive info in a HTTP/DNS lookup in the xmlns: part? soap env:Envelope…
Mat90
  • 97
  • 1
  • 7
0
votes
0 answers

Updating Request URL in HttpClient throws Server-Side Request Forgery by Fortify tool

Using HttpClient I am calling a service. Here some user input (OrderId) is appended to the service URL; functionally everything is fine, but the Fortify tool reports an SSRF issue. I have gone through multiple recommendations but none has resolved the issue. …
user2038538
  • 151
  • 1
  • 11
0
votes
0 answers

How to Prevent SSRF in .Net

I have a web form application and also a Web API application hosted on different servers. For all CRUD operations the web form application uses the API. To call the API from the web form app I have created a generic API requesting method using…
Vignesh
  • 1,412
  • 11
  • 27
  • 58
0
votes
0 answers

What would be the best way to get cookies from HttpServletRequest object?

I have a method which is returning the cookie value, getting the cookie from an auto-wired HttpServletRequest object. I'm adding the same cookie to call another service in restClient. Everything is working fine, but when I ran Fortify scan, it has…
smk_adams
  • 11
  • 3