Open cwong-scw opened 3 years ago
Server-Side Request Forgery (SSRF) vulnerabilities are caused when an attacker can supply or modify a URL that reads or sends data to the server. The attacker can create a malicious request with a manipulated URL, when this request reaches the server, the server-side code executes the exploit URL causing the attacker to be able to read data from services that shouldn't be exposed.
Look for places where URLs are handled such as calling resources from external servers, requests that are sent to external services or custom webhooks. Additionally, check where the user can specify custom URLs.
rgerjghf ssrf ghjfhgjk