Server-Side Request Forgery (SSRF)- PortSwigger Labs

Lab: SSRF with filter bypass via open redirection vulnerability

Michael Koczwara

3 min readApr 20, 2022

--

SSRF Attack Lifecycle

Lab: SSRF with filter bypass via open redirection vulnerability

Objectives:

This lab has a stock check feature that fetches data from an internal system.

Michael Koczwara

Written by Michael Koczwara

Security Researcher

Recommended from Medium

Proviesec
in
InfoSec Write-ups

CRLF Injection — xxx$ — How was it possible for me to earn a bounty with the Cloudflare WAF?

I recently discovered a CRLF injection vulnerability on a popular website. In this blog post, I will describe the vulnerability and the…

5 min readDec 24, 2022

--

Aditya Chauhan

Server-Side Request Forgery (SSRF) to RCE

Server-Side Request Forgery (SSRF) is a type of web application vulnerability that can lead to serious security issues, including Remote…

3 min readFeb 17

--

Lists

Staff Picks

329 stories83 saves

Stories to Help You Level-Up at Work

19 stories53 saves

Self-Improvement 101

20 stories107 saves

Productivity 101

20 stories116 saves

Aditya Chauhan

Html Injection To Remote Code Execution

HTML Injection, also known as Cross-site Scripting (XSS), is a web security vulnerability that allows attackers to inject malicious code…

2 min readFeb 14

--

Saurabh siddharam sanmane

Subdomain Takeover using Webflow Service

Hello Hackers! 👋

4 min read5 days ago

--

citril

Advanced .htaccess file attacks (Part I)

.htaccess? Yep, sometimes they can lead to an RCE, XSS and etc. Let’s dive into .htaccess configuration world.

5 min readJan 16

--

WHO AM I ?

How I found Reflected XSS in Users login page on Public Program ?

here I will discuss some ideas not tools so if you only use tools and don’t have any idea about real hunting please don’t waste your time…

3 min readMay 23

--

See more recommendations

Help
Status
Writers
Blog
Careers
Privacy
Terms
About
Text to speech