Server-Side Request Forgery in Java by URLConnection Method

Vulnerability Description

Server Request Forgery (Server-Side Request Forgery). The vulnerabilities are caused by attackers constructing attack requests and transmitting them to the server for execution. Generally, it is used to detect data over the Internet or attack intranet services.

SSRF Vulnerability

Server-Side Request Forgery (SSRF) is simply an attack where the server will make a request (act like a proxy) for the attacker either to a local or to a remote source and then return a response containing the data resulting from the request.

We can say that the concept of SSRF is the same as using a proxy or VPN where the user will make a request to a certain resource, then the proxy or VPN Server will make a request to that resource, then return the results to the user who made the request.

From SSRF, various things can be done, such as:

From SSRF, various things can be done, such as:

  • Local/Remote Port Scan
  • Local File Read (using file://)
  • Interact with internal apps/service/network
  • RCE by chaining services on the internal network
  • Read Metadata Cloud (AWS, Azure, Google Cloud, Digital Ocean, etc)
  • Reflected XSS/CSRF
  • Internet ip address/port scan
  • Server sensitive data reading
  • Exploit application vulnerabilities on internal hosts
  • Exploit internal website vulnerabilities

SSRF vulnerabilities

  • The Social sharing function: obtain the title of the hyperlink and other content for display.
  • Image loading/downloading: for example, click to download an image to a local device in a rich text editor.
  • image/article collection function: mainly uses the title and text content in the URL as a display for a good experience.
  • The develop platform interface testing tools: some companies will open some of their own interfaces to form third-party interfaces. At this time, they usually develop a web to test whether their interfaces are connected, and test the interfaces for these programmers. If they are not filtered properly, ssrf will be caused.

Related Classes

Check Who Inherits The URLConnection Method

Java SSRF

Supported pseudo protocols

file

FTP

http

https

jar

mailto

netdoc

SSRF Vulnerability Exploitation

SSRF Vulnerability Exploitation

URLConnection-Read Files

HttpURLConnection-Internet Detection

The Actual Combat

Originally published at https://tutorialboy24.blogspot.com

--

--

Our mission is to get you into information security. We'll introduce you to penetration testing and Red Teaming. We cover network testing, Active Directory.

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
TutorialBoy

TutorialBoy

Our mission is to get you into information security. We'll introduce you to penetration testing and Red Teaming. We cover network testing, Active Directory.