OSIRIS Giraffe

Server Side Request Forgery

Server Side Request Forgery (SSRF) is a vulnerability that gives an attacker the ability to create requests from a vulnerable server. SSRF attacks are commonly used to target not only the host server itself, but also hosts on the internal network that would normally be inaccessible due to firewalls.

SSRF allows an attacker to:

Scan and attack systems from the internal network that are not normally accessible
Enumerate and attack services that are running on these hosts
Exploit host-based authentication services

As is the case with many web application vulnerabilities, SSRF is possible because of a lack of user input validation. For example, a web application that accepts a URL input in order to go fetch that resource from the internet can be given a valid URL such as http://google.com But the application may also accept URLs such as:

http://localhost
http://10.0.0.1
file:///localhost/example.txt
127.0.0.1:22

When those kinds of inputs are not validated, attackers are able to access internal resources that are not intended to be public.

Below is an example that takes a URI as an input and passes it to the PHP curl_exec() function.

Enter a URI to fetch

find flag in ccptp-module-8-1314064504 bucket