C Sharp SSRF via WebRequest
Description
Detects potential SSRF vulnerabilities in C# code through unsafe usage of WebRequest.Create methods. The vulnerability occurs when untrusted user input can control the URL parameter passed to WebRequest.Create, allowing attackers to make arbitrary HTTP requests from the server to internal or external systems.
Detection Strategy
• Check for calls to WebRequest.Create methods including fully qualified versions (System.Net.WebRequest.Create, Net.WebRequest.Create)
• Look for situations where the URL parameter passed to the Create() method comes from an untrusted source, such as user input
• Report a vulnerability when WebRequest.Create is called with insufficient validation or sanitization of the URL parameter
Vulnerable code example
using System.Net;
public class Controllers {
    public void ReadContentOfURL(HttpRequest url) {
        // Vulnerable: Direct use of user input in WebRequest.Create enables SSRF
        WebRequest req = WebRequest.Create(url);
    }
}
Secure code example
using System.Net;
using System;
public class Controllers {
    public void ReadContentOfURL(HttpRequest url) {
        // Validate URL against allowlist of permitted domains/patterns
        Uri parsedUrl = new Uri(url.ToString());
        string[] allowedHosts = { "someurl.com", "api.trusted-domain.com" };...
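A complete allowlist check before WebRequest.Create, as an added example that is not the page's or Fluid Attacks' own code: it parses the URL once, requires HTTPS, the default port, no userinfo and an exact host match, then turns off redirect following. OutboundRequestGuard, TryValidate, CreateChecked and Demo are hypothetical names; the two hosts are the ones in the page's snippet.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
// Hypothetical helper, not from the page: validates a URL before WebRequest.Create.
public static class OutboundRequestGuard
{
    // Hosts from the page's snippet; compared exactly and case-insensitively.
    private static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "someurl.com", "api.trusted-domain.com" };

    public static bool TryValidate(string candidate, out Uri target)
    {
        target = null;
        if (!Uri.TryCreate(candidate, UriKind.Absolute, out Uri parsed)) return false;
        if (parsed.Scheme != Uri.UriSchemeHttps) return false;   // rejects http, file, ftp
        if (!parsed.IsDefaultPort) return false;                 // port 443 only
        if (parsed.UserInfo.Length != 0) return false;           // rejects user@host forms
        if (!AllowedHosts.Contains(parsed.Host)) return false;   // exact match, no suffix match
        target = parsed;
        return true;
    }

    public static WebRequest CreateChecked(string candidate)
    {
        if (!TryValidate(candidate, out Uri target))
            throw new ArgumentException("URL is not on the outbound allowlist.");
        WebRequest req = WebRequest.Create(target);
        // A redirect from an allowed host can point anywhere, so do not follow it.
        if (req is HttpWebRequest http) http.AllowAutoRedirect = false;
        return req;
    }
}
public static class Demo
{
    public static void Main()
    {
        // Constructed sample inputs.
        string[] samples = {
            "https://someurl.com/data",
            "http://someurl.com/data",
            "https://someurl.com.attacker.example/",
            "https://someurl.com@internal.example/",
            "https://someurl.com:8443/",
        };
        foreach (string s in samples)
            Console.WriteLine($"{OutboundRequestGuard.TryValidate(s, out _),-5} {s}");
    }
}
```

Comparing the parsed Host against the allowlist, rather than running Contains or EndsWith on the raw string, is what rejects the look-alike suffix and userinfo samples.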