SSRF ATTACK : WALKTHROUGH
Vulnerability Report: Server-Side Request Forgery (SSRF)
Description
The web application is vulnerable to Server-Side Request Forgery (SSRF) attacks, allowing an attacker to make requests on behalf of the server, potentially leading to unauthorized access to internal resources.
Affected Endpoint
URL: https://0ad6005c04f2986f80802110005600c2.web-security-academy.net/admin
Exploitation Steps
1. Access Restrictions Bypass:
The admin interface is protected and not directly accessible.
Using the stockApi parameter, an attacker can manipulate requests to bypass access restrictions.

2. Burp Suite Analysis:
• Intercepted the request triggered by clicking "Check stock" and sent it to Burp Repeater for further analysis.

3. SSRF Exploitation:
Changed the stockApi parameter to http://localhost/admin.
Successfully accessed the administration interface, demonstrating SSRF vulnerability.


4. Identified Target User Deletion URL:
• Discovered the URL for deleting a target user: http://localhost/admin/delete?username=carlos

5. SSRF Attack Execution:
• Submitted the identified deletion URL via the stockApi parameter to perform the SSRF attack.

After the modified stockApi value is submitted, the server fetches the deletion URL on the attacker's behalf and the user carlos is deleted.
Recommendation
It is recommended to implement proper input validation and sanitisation for user-supplied input. Additionally, access controls should be strengthened to prevent unauthorized access to internal resources.
Remediation Steps
1. Validate and sanitise user inputs to prevent manipulation of the stockApi
2. Implement strong access controls to restrict access to sensitive functionalities and resources
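As an added defensive example (not code from the lab or from this write-up), the following Python implements the allowlist-style validation of the stockApi value that step 1 calls for: only an expected scheme and host name are accepted, and every address the host resolves to must be public, so http://localhost/admin and http://localhost/admin/delete?username=carlos are rejected before any request is made. The allowed host name is an assumption, and the resolver is injectable so the check can be exercised offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit, urlunsplit

# Assumed allowlist (not from the lab): the one upstream host the stock-check
# feature is meant to call. The lab's real stock backend host is not known here.
ALLOWED_STOCK_HOSTS = {"stock.example-internal.net"}


def _is_public_ip(ip_str: str) -> bool:
    """True only for globally routable addresses; loopback, RFC 1918, link-local,
    multicast, reserved and unspecified addresses all count as internal."""
    ip = ipaddress.ip_address(ip_str)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def _resolve_all(host: str) -> list:
    """Default resolver: every address the host currently resolves to."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def validate_stock_api_url(raw_url, allowed_hosts=ALLOWED_STOCK_HOSTS, resolve=_resolve_all):
    """Return a normalised URL if raw_url is an acceptable stockApi target, else
    raise ValueError. Checks, in order: scheme, no userinfo, hostname on the
    allowlist, default port only, and every resolved address is public."""
    parts = urlsplit(raw_url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("scheme not allowed")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo not allowed")
    host = parts.hostname  # already lower-cased by urlsplit, brackets stripped
    if host is None or host not in allowed_hosts:
        raise ValueError("host not on allowlist")
    if parts.port not in (None, 80, 443):
        raise ValueError("port not allowed")
    addresses = resolve(host)  # also catches an allowlisted name pointing inside
    if not addresses or not all(_is_public_ip(a) for a in addresses):
        raise ValueError("host resolves to a non-public address")
    # Rebuild from the parsed parts so the request goes to exactly what was checked.
    return urlunsplit((parts.scheme, parts.netloc.lower(), parts.path or "/", parts.query, ""))


def is_safe_stock_api_url(raw_url, **kwargs) -> bool:
    """Boolean wrapper for call sites that only need an accept/reject decision."""
    try:
        validate_stock_api_url(raw_url, **kwargs)
        return True
    except (ValueError, OSError):
        return False
```

The stock-check handler should call validate_stock_api_url on the incoming parameter and only then issue the outbound request to the returned URL; the address check alone is not a substitute for the host allowlist, since internal services can sit on public-looking names.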