SSRF

Server Side Request Forgery (SSRF)

What is SSRF (Server-side request forgery)? Tutorial & Examples | Web Security AcademyWebSecAcademy

Query string (hidden) parameters indicating SSRF

?dest={target} 
?redirect={target} 
?uri={target} 
?path={target} 
?continue={target} 
?url={target} 
?window={target} 
?next={target} 
?data={target} 
?reference={target} 
?site={target}

Explore POST data JSON properties as well. Especially for API integration functionalities.

Bypass input validation filters with

URL validation bypass cheat sheet for SSRF/CORS/Redirect - 2024 Edition | Web Security AcademyWebSecAcademy

use IP converters

IP Address Converter | AbuseIPDB

https://h.43z.one/ipconverter/

PreviousJavaScript .maps NextLDAP Injection

Last updated 1 month ago

Was this helpful?