PHP SSRF Unvalidated URL
Description
Detects Server-Side Request Forgery (SSRF) in PHP applications where user-controlled input reaches a URL-fetching function without being validated. An attacker can then make the server issue HTTP requests on their behalf, reaching internal services, cloud metadata endpoints and other resources that are not exposed directly.
Detection Strategy
• Identifies calls to PHP functions that make HTTP requests, such as file_get_contents() and curl_exec() (for cURL, the URL arrives through curl_init() or CURLOPT_URL)
• Analyzes whether the URL argument to these functions is, or is derived from, user input (for example $_GET or $_POST values)
• Reports a vulnerability when user-controlled data flows into a request function without URL validation or sanitization
• A common scenario is a request URL built directly from a request parameter without checking the scheme, host, or path; a purely syntactic check does not count as validation
Vulnerable code example
<?php
if (isset($_GET['url'])) {
    $url = $_GET['url']; // Unsafe: user input used directly as the request URL
    $response = file_get_contents($url); // Vulnerable: no URL validation before the request is made
    echo $response;
}

✅ Secure code example
<?php
if (isset($_GET['url'])) {
    $url = $_GET['url'];
    // Validate URL structure first
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        die("Error: Invalid URL format");
    }
...

FILTER_VALIDATE_URL only checks that the string is syntactically a URL: http://127.0.0.1/ and http://169.254.169.254/latest/meta-data/ both pass it. On its own it does not stop SSRF; the scheme and host must also be checked against an allow-list, and redirects must not be followed blindly, before the request is sent.
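The following is an added example, not code from the page or from Fluid Attacks, showing what the "URL validation" the detection strategy expects looks like in full: a syntactic check, an allow-list of schemes and hosts (the names ALLOWED_HOSTS, ALLOWED_SCHEMES, validateOutboundUrl and fetchValidated are hypothetical), rejection of userinfo and non-standard ports, a resolved-address check against private and reserved ranges, and a cURL request that neither follows redirects nor switches protocols and is pinned to the address that was checked. The resolver is injectable so the checks run offline against constructed inputs.

```php
<?php
declare(strict_types=1);

// Added example, not code from the page or from Fluid Attacks. Hypothetical
// allow-list: the only schemes and hosts this application may fetch.
const ALLOWED_SCHEMES = ['http', 'https'];
const ALLOWED_HOSTS   = ['api.example.com', 'cdn.example.com'];

/** True unless $ip is loopback, link-local, private or otherwise reserved. */
function isPublicIp(string $ip): bool
{
    // NO_RES_RANGE rejects 127/8, 169.254/16 (cloud metadata), 0/8, 240/4, ::1, fe80::/10;
    // NO_PRIV_RANGE rejects 10/8, 172.16/12, 192.168/16, fc00::/7.
    // Extend with your own checks for ranges such as 100.64/10 if you need them.
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}

/**
 * Validates a user-supplied URL before it may be fetched. Returns [host, port, ip]
 * so the caller can pin the connection to the address that was checked.
 * $resolve is injectable (defaults to gethostbynamel) so the logic can be
 * exercised without DNS.
 */
function validateOutboundUrl(string $url, ?callable $resolve = null): array
{
    $resolve ??= 'gethostbynamel';

    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        throw new InvalidArgumentException('malformed URL');
    }
    $p = parse_url($url);
    if ($p === false) {
        throw new InvalidArgumentException('unparseable URL');
    }
    $scheme = strtolower($p['scheme'] ?? '');
    $host   = strtolower($p['host'] ?? '');
    if (!in_array($scheme, ALLOWED_SCHEMES, true)) {
        throw new InvalidArgumentException("scheme not allowed: $scheme");
    }
    // user:pass@ makes a reviewer read a different host than the one the
    // client connects to, e.g. http://api.example.com@127.0.0.1/
    if (isset($p['user']) || isset($p['pass'])) {
        throw new InvalidArgumentException('userinfo in URL not allowed');
    }
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        throw new InvalidArgumentException("host not allowed: $host");
    }
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    if (!in_array($port, [80, 443], true)) {
        throw new InvalidArgumentException("port not allowed: $port");
    }
    // An allow-listed name must also resolve only to public addresses; a name
    // under someone else's control could otherwise point at an internal service.
    $ips = $resolve($host);
    if (!is_array($ips) || $ips === []) {
        throw new InvalidArgumentException("cannot resolve host: $host");
    }
    foreach ($ips as $ip) {
        if (!isPublicIp($ip)) {
            throw new InvalidArgumentException("host resolves to non-public address: $ip");
        }
    }
    return [$host, $port, $ips[0]];
}

/** Fetches $url only after validation, with redirects and other protocols disabled. */
function fetchValidated(string $url): string
{
    [$host, $port, $ip] = validateOutboundUrl($url);
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,  // a 302 to an internal address would bypass the checks above
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_RESOLVE        => ["$host:$port:$ip"],  // connect to the checked IP, not a re-resolved one
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('request failed: ' . curl_error($ch));
    }
    return $body;
}

// Constructed inputs run against a stub resolver so the checks run offline.
$stubResolve = fn(string $h): array =>
    ['api.example.com' => ['203.0.113.10'], 'cdn.example.com' => ['10.0.0.5']][$h] ?? [];
foreach ([
    'http://api.example.com/data',        // accepted
    'http://127.0.0.1:8080/admin',        // host not allow-listed
    'http://api.example.com@127.0.0.1/',  // userinfo trick
    'file:///etc/passwd',                 // scheme not allowed
    'http://cdn.example.com/',            // allow-listed name resolving to a private address
] as $candidate) {
    try {
        [$h, $prt, $ip] = validateOutboundUrl($candidate, $stubResolve);
        echo "ACCEPT $candidate -> $h:$prt ($ip)\n";
    } catch (InvalidArgumentException $e) {
        echo "REJECT $candidate: {$e->getMessage()}\n";
    }
}
```

Pinning the connection with CURLOPT_RESOLVE matters because the address check and the actual connect are separate DNS lookups; without it, a name that first resolves to a public address and then to 127.0.0.1 (DNS rebinding) passes validation and still reaches the internal service. If the application must follow redirects, re-run validateOutboundUrl() on each Location header rather than enabling CURLOPT_FOLLOWLOCATION.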