A Server Side Request Forgery (SSRF) explained simply
Today we will talk about a #critical #vulnerability that can cause serious damage to the security of #web #applications: Server Side Request Forgery (#SSRF). SSRF is a #vulnerability that occurs when a #web #server reads the content of #URLs taken from the #GET or #POST parameters, the #COOKIE or the HTTP HEADERS that are passed to it.
By Davide Cavallini.
Share this post if you found the news interesting.
#redhotcyber #online #it #web #ai #hacking #privacy #cybersecurity #cybercrime #intelligence #intelligenzaartificiale #informationsecurity #ethicalhacking #dataprotection #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #infosecurity
https://www.redhotcyber.com/post/una-server-side-request-forgery-ssrf-spiegata-semplicemente/
::ffff:127.0.0.1 – what kind of strange IP address is that? The kind that earned a $7500 bug bounty reward from Cloudflare
The description on HackerOne is rather enigmatic: By using IPv4-mapped IPv6 addresses there was a way to bypass Cloudflare server's network protections and start connections to ports on the loopback (127.0.0.1) or internal IP addresses (such as 10.0.0.1). Cloudflare did, however, decide to prepare a somewhat longer description of the vulnerability, which was reported...
#WBiegu #Cloudflare #Ipv6 #Ssrf
https://sekurak.pl/ffff127-0-0-1-co-to-za-dziwny-adres-ip-ano-taki-ktorym-udalo-sie-zgarnac-od-cloudflare-7500-nagrody-bug-bounty/
MD2PDF - I have just completed this room! Check it out: https://tryhackme.com/room/md2pdf #tryhackme #pdf #markdown #xss #ssrf #security #md2pdf via @RealTryHackMe
✨ SSRF bypass list:
-------
Base-Url: 127.0.0.1
Client-IP: 127.0.0.1
Http-Url: 127.0.0.1
Proxy-Host: 127.0.0.1
Proxy-Url: 127.0.0.1
Real-Ip: 127.0.0.1
Redirect: 127.0.0.1
Referer: 127.0.0.1
Referrer: 127.0.0.1
Refferer: 127.0.0.1
Request-Uri: 127.0.0.1
Uri: 127.0.0.1
Url: 127.0.0.1
X-Client-IP: 127.0.0.1
X-Custom-IP-Authorization: 127.0.0.1
X-Forward-For: 127.0.0.1
X-Forwarded-By: 127.0.0.1
X-Forwarded-For-Original: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwarded-Host: 127.0.0.1
X-Forwarded-Port: 443
X-Forwarded-Port: 4443
X-Forwarded-Port: 80
X-Forwarded-Port: 8080
X-Forwarded-Port: 8443
X-Forwarded-Scheme: http
X-Forwarded-Scheme: https
X-Forwarded-Server: 127.0.0.1
X-Forwarded: 127.0.0.1
X-Forwarder-For: 127.0.0.1
X-Host: 127.0.0.1
X-Http-Destinationurl: 127.0.0.1
X-Http-Host-Override: 127.0.0.1
X-Original-Remote-Addr: 127.0.0.1
X-Original-Url: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Proxy-Url: 127.0.0.1
X-Real-Ip: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Rewrite-Url: 127.0.0.1
X-True-IP: 127.0.0.1
-----
https://twitter.com/0dayCTF/status/1556279777455386627?t=Z51UbhiolM5RuAww32v3Ww&s=19
Credit: @0dayCTF
#infosec #bugbounty #bugbountytips #redteam #pentesting #ssrf
RT @CWISociety@twitter.com
@doc_on_the_run@twitter.com Your comment nailed exactly what is exciting and difficult about #SSRF research. We have so much great work to do! #teamworkmakesthedreamwork #chestwallinjury
🐦🔗: https://twitter.com/CWISociety/status/1616180707943976960
Article: How Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four Different Azure Services
https://orca.security/resources/blog/ssrf-vulnerabilities-in-four-azure-services/
#ssrf #Cyber #cybersec #cybersecurity #infosec #infosecurity
Experts found #SSRF flaws in four different #Microsoft #Azure services
https://securityaffairs.com/140947/hacking/microsoft-azure-services-ssrf-flaws.html
#securityaffairs #hacking #malware
SSRF vulnerabilities caused by SNI proxy misconfigurations
https://www.invicti.com/blog/web-security/ssrf-vulnerabilities-caused-by-sni-proxy-misconfigurations/
#ssrf #bugbounty #vulnerabilities #sniproxy #infosec
AWS #IAM credential abuse, a quick walk through of a web app exploitable by #SSRF that leads to stolen IAM role credentials.
While this isn’t the latest attack vector it’s still commonly seen in the wild (first hand exp). Being aware of such attacks is key to understanding artefacts you might see even from an EDR perspective.
A bonus to this, is the AWS CIRT labs that were released just before Christmas. While I’ve only been through one (SSRF) they are excellent resources for learning and responding to cloud level attacks (there are 5) https://aws.amazon.com/blogs/security/aws-cirt-announces-the-release-of-five-publicly-available-workshops/
#dfir #cloud #aws - hope this helps with awareness of this technique (MITRE Unsecured Credentials: Cloud Instance Metadata API) and the impact this can have in your cloud environment. Here are my notes - enjoy;
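The "what it looks like afterwards" side of the post above, as an added example that is not the author's notes: credentials lifted from the instance metadata service through SSRF belong to the instance's role session, whose session name is the instance id, so in CloudTrail they show up as that same session making calls from an address that is not the instance. The record layout follows CloudTrail's userIdentity / sourceIPAddress / userAgent fields; the three sample records and the KNOWN_EGRESS_IPS allowlist are constructed for the demo and are not real telemetry.

```python
import re

# Egress addresses the instance's own API calls are expected to come from.
# Assumption for the demo: in practice, take NAT gateway / instance public IPs from inventory.
KNOWN_EGRESS_IPS = {"203.0.113.10"}

# EC2 names an instance-role session after the instance id, e.g. i-0abc1234def567890.
INSTANCE_SESSION = re.compile(r"^i-[0-9a-f]{8,17}$")

# Constructed CloudTrail-style records, not real telemetry. Record 3 is the tell:
# the instance's role session, used from an address that is not the instance,
# with a user agent (aws-cli) that the web app on the box never uses.
SAMPLE_EVENTS = [
    {"eventTime": "2023-01-10T09:00:12Z", "eventName": "GetObject",
     "sourceIPAddress": "203.0.113.10", "userAgent": "aws-sdk-java/1.12.300",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/WebAppRole/i-0abc1234def567890"}},
    {"eventTime": "2023-01-10T09:01:40Z", "eventName": "ListBuckets",
     "sourceIPAddress": "198.51.100.5", "userAgent": "console.amazonaws.com",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::123456789012:user/alice"}},
    {"eventTime": "2023-01-10T09:15:03Z", "eventName": "ListBuckets",
     "sourceIPAddress": "198.51.100.77", "userAgent": "aws-cli/2.9.1",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/WebAppRole/i-0abc1234def567890"}},
]


def instance_session(event):
    """Return (role, session) when the caller is an EC2 instance-role session, else None."""
    ident = event.get("userIdentity", {})
    if ident.get("type") != "AssumedRole":
        return None
    parts = ident.get("arn", "").rsplit("/", 2)  # .../assumed-role/<role>/<session>
    if len(parts) != 3 or not INSTANCE_SESSION.match(parts[2]):
        return None
    return parts[1], parts[2]


def find_credential_reuse(events, known_ips=KNOWN_EGRESS_IPS):
    """Flag instance-role calls whose source IP is not one the instance would use."""
    findings = []
    for ev in events:
        sess = instance_session(ev)
        if sess is None:
            continue
        src = ev.get("sourceIPAddress", "")
        if src.endswith(".amazonaws.com"):
            continue  # an AWS service calling on the instance's behalf, not a client address
        if src not in known_ips:
            findings.append({"role": sess[0], "instance": sess[1], "sourceIPAddress": src,
                             "eventName": ev.get("eventName"), "userAgent": ev.get("userAgent"),
                             "eventTime": ev.get("eventTime")})
    return findings


if __name__ == "__main__":
    for f in find_credential_reuse(SAMPLE_EVENTS):
        print("instance-role credentials used off-host:", f)
```

The same rule catches credentials copied off the box by any other route, not only SSRF. On the prevention side, requiring IMDSv2 closes the classic GET-only SSRF path, since the metadata session token has to be obtained with a PUT request first.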
#Skype for Business #Audit by @frycos
Part 1 - SKYPErsistence
https://frycos.github.io/vulns4free/2022/09/22/skype-audit-part1.html
Part 2 - SKYPErimeterleak
https://frycos.github.io/vulns4free/2022/09/26/skype-audit-part2.html
#skype #audit #vulnerability #research #persistence #ssrf
IP addresses can be written as integers, e.g. 127.0.0.1 is 2130706433, or the EC2 metadata service is at 2852039166.
More examples:
https://m.youtube.com/shorts/st9FOr6ptoY
This can lead to blocklist bypasses + successful Server-Side Request Forgery.
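The integer-address trick above and the IPv4-mapped IPv6 trick from the Cloudflare write-up earlier on this page both beat the same weak control: a filter that compares the host as a string. Below is an added example (not code from either post) that puts a naive string blocklist next to a check that first canonicalises the host the way the OS resolver does. It relies on a real property of `socket.inet_aton`: besides dotted quads it accepts a bare 32-bit integer, hex, octal and short forms, which is exactly what most HTTP clients end up connecting to. The blocklist contents and the test hosts are constructed for the demo.

```python
import ipaddress
import socket

# What a string-matching filter typically holds (constructed for the demo).
NAIVE_BLOCKLIST = {"127.0.0.1", "localhost", "169.254.169.254"}


def naive_is_blocked(host: str) -> bool:
    """String comparison only: any re-encoding of the same address slips past it."""
    return host in NAIVE_BLOCKLIST


def canonical_ip(host: str):
    """Return the address the OS would actually connect to for a numeric host, or None.

    ipaddress accepts dotted-quad and IPv6 text only, but inet_aton (what most HTTP
    clients end up calling) also takes the legacy forms: a single 32-bit integer
    (2130706433), hex (0x7f000001), octal (017700000001) and short forms (127.1).
    """
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        packed = socket.inet_aton(host)
    except OSError:
        return None  # not numeric at all: a hostname, which would need DNS (not done offline)
    return ipaddress.ip_address(packed)  # 4 packed bytes -> IPv4Address


def is_internal(host: str) -> bool:
    """Decide on the canonical address, unwrapping IPv4-mapped IPv6 (::ffff:127.0.0.1)."""
    ip = canonical_ip(host)
    if ip is None:
        return True  # fail closed here; real code resolves via DNS and re-checks the resolved IP
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


if __name__ == "__main__":
    for h in ["127.0.0.1", "2130706433", "0x7f000001", "127.1", "2852039166",
              "::ffff:127.0.0.1", "::ffff:10.0.0.1", "93.184.216.34"]:
        print(f"{h:>18}  naive_blocked={naive_is_blocked(h)!s:5}  "
              f"canonical={canonical_ip(h)}  internal={is_internal(h)}")
```

Canonicalising the literal is only half of it: for a hostname the check has to run on the address the client actually connects to, and the connection has to use that same address, otherwise a second DNS answer (the rebinding trick the whonow post further down is about) still lands on 127.0.0.1 or the metadata service.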
Why is Microsoft calling #CVE_2022_41040 and #CVE_2022_41080 "elevation of privilege" vulns? 🤔 They're #SSRF flaws, no?
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41040
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41080
🎁-time: Here you go two Cisco BroadWorks CommPilot Application Software vulnerabilities which our team ( @smaury @zi0Black @thezero ) found during an engagement for one of our customers.
CVE-2022-20951: Unauthenticated #SSRF - https://www.shielder.com/advisories/cisco-broadworks-commpilot-ssrf/
CVE-2022-20958: Authenticated #RCE - https://www.shielder.com/advisories/cisco-broadworks-commpilot-authenticated-remote-code-execution/
#SSRF (Server Side Request Forgery) testing resources
https://github.com/cujanovic/SSRF-Testing
#Hacking #infosec
Finally got some time to play around on h1... Had to refresh my notes around some of the testing tools / infra and bumped into https://github.com/brannondorsey/whonow . I always forget I have a domain + instance for it. IMHO it is absolutely great to quickly test against #dnsrebinding for #ssrf . #bugbountytips
Need a quick and dirty way to serve up arbitrary IPv4 or IPv6 embedded IPv4 addresses to exploit an #ssrf vuln? Check out aaaaize: https://gitlab.wtfismyip.com/wtfismyip/aaaaize
Awesome Server Side Request Forgery(SSRF) mind map by @hackerscrolls
#bugbounty #bugbountytips #redteam #redteamingtips #pentestingtips #pentesting #ssrf #infosecurity
SSRF bypass by #bugbounty hunter Basavaraj Banakar:
Using a URL shortener to bypass payload detection (i.e. /etc/passwd)
#bugbounty #bugbountytips #ssrf #redteam #pentesting
SSRF via DNS Rebinding (CVE-2022-4096):
#infosec #ssrf #owasp #bugbounty #pentesting