Dark Side 108: Intro to SSRF — Server-Side Request Forgery

We’re on Day 19 of TryHackMe’s Cyber Advent 2 event!

Katlyn Gallo
4 min read · Dec 23, 2020


Today’s challenge demonstrated a Server-Side Request Forgery (SSRF) attack. As the name suggests, this attack tricks a website into reaching into the backend server that supports a public-facing web application on a user’s behalf. These vulnerabilities usually exist as a result of improper error handling: a malicious user asks the application to fetch a resource that isn’t publicly available, and the website fetches and serves up that data without realizing it shouldn’t.
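To make the pattern concrete, here is an added example (not code from the post or from the TryHackMe room) of a small “fetch this URL for me” helper in its unsafe form beside a hardened one. The host name `lists.example.internal`, the URLs and the fake backend are constructed assumptions so the code runs offline.

```python
"""Added example (not from the post or the TryHackMe room): a tiny
'fetch this URL for me' helper in its unsafe form and a hardened form.
The host names, URLs and the fake backend are constructed assumptions."""
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist: the only backend this app is meant to reach.
ALLOWED_HOSTS = {"lists.example.internal"}
ALLOWED_SCHEMES = {"http", "https"}


def is_safe_target(url: str) -> bool:
    """Allowlist check on the *parsed* URL: scheme and host must both match.
    Anything else (other hosts, IP literals, file://, gopher://) is refused."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    host = parts.hostname  # strips userinfo, port and brackets, lowercases
    return host is not None and host in ALLOWED_HOSTS


def is_internal_address(ip_text: str) -> bool:
    """Defense in depth for the address actually connected to: True for
    loopback, private, link-local and other non-public ranges. Apply this to
    the resolved IP at connect time, since a name on the allowlist could be
    re-pointed at an internal address after validation has passed."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return True  # not an IP literal at all: treat as unsafe
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_reserved or addr.is_multicast or addr.is_unspecified)


# Constructed stand-in for the network so the example runs offline.
FAKE_BACKEND = {
    "http://lists.example.internal/search?name=Sarah": "Sarah: nice",
    "http://localhost/admin": "list administration (internal only)",
}


def fake_fetch(url: str) -> str:
    """Pretend HTTP client: looks the URL up in the constructed backend."""
    return FAKE_BACKEND.get(url, "404 not found")


def vulnerable_fetch(url: str, fetch=fake_fetch) -> str:
    """The SSRF pattern: the server fetches whatever URL the user supplied,
    so a request for an internal resource is served like any other."""
    return fetch(url)


def hardened_fetch(url: str, fetch=fake_fetch) -> str:
    """Same feature, but the target is validated before any request is made."""
    if not is_safe_target(url):
        raise ValueError(f"refusing to fetch non-allowlisted target: {url}")
    return fetch(url)


if __name__ == "__main__":
    print(vulnerable_fetch("http://localhost/admin"))  # internal page leaks
    try:
        hardened_fetch("http://localhost/admin")
    except ValueError as err:
        print(err)
```

The allowlist is the primary control; the range check exists because validating a host name says nothing about where it resolves at the moment the connection is made, so real deployments apply `is_internal_address` to the resolved address as well.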

Let’s dive into this challenge to better understand how this works.

Here’s the scenario:

Santa has released a web app that lets the children of the world check whether they are currently on the naughty or nice list. Unfortunately, the elf who coded it exposed more things than she thought. Can you access the list administration and ensure that every child gets a present from Santa this year?

After deploying the web server, I began by browsing to the IP in a web browser and sure enough, our Naughty and Nice List loaded. To test it out, I typed in a random name and hit “Search”.

The name I searched, Sarah, was on the Nice list. In order to begin planning our SSRF attack, I had to review the URL of the search…

Published in Dark Roast Security


Written by Katlyn Gallo

Coffee lover, bookworm, and InfoSec enthusiast | Find me on Twitter & Instagram: @ktgblogstech
