SSRF vulnerabilities caused by SNI proxy misconfigurations
https://www.invicti.com/blog/web-security/ssrf-vulnerabilities-caused-by-sni-proxy-misconfigurations/
#ssrf #bugbounty #vulnerabilities #sniproxy #infosec
Just proxying through a whole DNS zone allows me to expose new services to any subdomain I want on the fly from a single server. Thanks to #sniproxy I can just get new certs from Let's Encrypt locally without even touching the proxy host.
Because most of my infrastructure happens to be IPv6 only, except for proxies, NAT and mailservers, I wasn't able to access it from the school network directly. For my current systems I used to proxy specific host names through #nginx manually. But I don't know what other requirements will come up during school days and I will not access my prod infra from school to tweak proxy settings. Therefore I dove into the world of wildcard DNS records and #sniproxy.