
Commit c24fd55

committed
standard ssrf test
1 parent a81c28a commit c24fd55


1 file changed, +65 -0 lines changed

Lines changed: 65 additions & 0 deletions
@@ -0,0 +1,65 @@
1+
---
2+
id: STANDARD_SSRF
3+
info:
4+
name: SSRF test by injecting internal URLs into query and body parameters
5+
description: >
6+
This test checks for Server-Side Request Forgery (SSRF) vulnerabilities by injecting internal URLs (such as https://test-services.akto.io) into query and body parameters of API requests. It validates whether the server makes unauthorized requests to these URLs, indicating a potential SSRF risk.
7+
details: >
8+
The test identifies parameters in the request payload or query string that accept URLs. It then replaces these parameters with internal URLs containing a random UUID and sends the request to the server. The test follows redirects and monitors if the server attempts to access the injected URL, confirming SSRF behavior. Successful exploitation is validated by checking for a 2xx response and verifying that the injected URL was hit by the server.
9+
impact: >
10+
If SSRF is possible, attackers can force the server to make requests to internal or external resources, potentially accessing sensitive data, cloud metadata, or internal services. This can lead to data breaches, privilege escalation, and compromise of internal infrastructure. Preventing SSRF is critical to maintaining the security and integrity of web applications and backend systems.
11+
category:
12+
name: SSRF
13+
shortName: Server Side Request Forgery
14+
displayName: Server Side Request Forgery (SSRF)
15+
subCategory: STANDARD_SSRF
16+
severity: LOW
17+
tags:
18+
- Business logic
19+
- OWASP top 10
20+
- HackerOne top 10
21+
references:
22+
- https://github.com/OWASP/API-Security/blob/master/2023/en/src/0xa6-server-side-request-forgery.md
23+
- https://www.akto.io/blog/how-to-prevent-server-side-request-forgery-ssrf-as-a-developer
24+
cwe:
25+
- CWE-918
26+
cve:
27+
- CVE-2022-4725
28+
api_selection_filters:
29+
response_code:
30+
and:
31+
gte: 200
32+
lt: 205
33+
or:
34+
- request_payload:
35+
for_one:
36+
key:
37+
regex: http
38+
extract: param_key
39+
- query_param:
40+
for_one:
41+
key:
42+
regex: http
43+
extract: param_key
44+
45+
wordLists:
46+
redirect_urls:
47+
- https://test-services.akto.io/health
48+
49+
execute:
50+
type: single
51+
requests:
52+
- req:
53+
- send_ssrf_req:
54+
url: "https://test-services.akto.io/store_uuid/${random_uuid}"
55+
redirect_url: "${redirect_urls}"
56+
- follow_redirect: true
57+
- modify_query_param:
58+
param_key: "https://test-services.akto.io/${random_uuid}"
59+
- modify_body_param:
60+
param_key: "https://test-services.akto.io/${random_uuid}"
61+
validate:
62+
response_code:
63+
gte: 200
64+
lt: 300
65+
ssrf_url_hit: "${random_uuid}"
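Review bot: The `api_selection_filters` block selects parameters with `key: regex: http`, which matches on the parameter *name*, yet the `details` text says the test identifies parameters "that accept URLs"; if the intent is URL-valued parameters, the match should be on the value (a `http`/`https` prefix) with `extract: param_key` kept, otherwise the test skips URL parameters whose names do not contain that substring and fires on keys that merely contain it. Two smaller points: `severity: LOW` sits oddly beside an `impact` text that lists cloud metadata access and privilege escalation, and the selection filter's `lt: 205` differs from the `lt: 300` used in `validate` with nothing explaining why the two bounds diverge.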
