Server-side request forgery (SSRF)
Description
It is possible to induce the application's server into making requests to an arbitrary domain.
Impact
- Obtain usable credentials at the API Connect endpoint.
- Read, write and delete user and system data.
- Browse any path registered in the system, in the context of Apache Camel.
- Consume HTTP, FTP, or any valid Apache Camel protocol-component services.
- Obtain information from the network adjacent to the server, or its Public IP.
- Obtain a token from any user, by modifying the clientIP field.
- Evade control mechanisms against automated attacks, such as CAPTCHA and OTP (dynamic key).
- Write files to the server, and identify its operating system.
Recommendation
The system must not let users control the destination of requests that the server makes on their behalf. Where user input must influence such a request, the system must restrict the accepted endpoints to a fixed list of known destinations (scheme, host and port) and reject anything else before the request is sent.
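The restriction described above, worked through as an added Python example (this is not code from the page or from any scanner rule it lists): a user-supplied URL is parsed and compared against an allowlist of scheme, host and port before any request is made. The host names, the allowed port set and the sample URLs are constructed assumptions.

```python
"""
Allowlist-based validation of a user-supplied URL before the server fetches it.
Added example; ALLOWED_* values and the sample URLs below are constructed.
"""
import ipaddress
from urllib.parse import urlparse, urlunparse

# Constructed allowlist: the only destinations this server may be asked to query.
ALLOWED_HOSTS = {"api.example.com", "reports.example.com"}
ALLOWED_SCHEMES = {"https"}          # no file://, ftp://, gopher:// and so on
ALLOWED_PORTS = {None, 443}          # None means "default for the scheme"


def _is_blocked_literal_ip(host: str) -> bool:
    """True when the host is an IP literal in a range the server must never be sent to."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # not an IP literal; the hostname allowlist decides instead
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_outbound_url(user_url: str) -> str:
    """Return a normalized URL that passed every check, or raise ValueError."""
    parsed = urlparse(user_url)

    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parsed.scheme!r}")

    # A userinfo part makes 'allowed-host@other-host' look like the allowed host
    # to a naive substring check; refuse it outright.
    if parsed.username is not None or parsed.password is not None:
        raise ValueError("credentials in URL are not allowed")

    host = parsed.hostname  # urlparse lower-cases it and strips IPv6 brackets
    if not host:
        raise ValueError("missing host")
    if _is_blocked_literal_ip(host):
        raise ValueError(f"internal address not allowed: {host}")
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"host not in allowlist: {host}")

    try:
        port = parsed.port  # raises ValueError on a malformed port
    except ValueError:
        raise ValueError("malformed port") from None
    if port not in ALLOWED_PORTS:
        raise ValueError(f"port not allowed: {port}")

    # Rebuild the URL from the validated parts only; the fragment is dropped and
    # the explicit default port is normalized away.
    return urlunparse((parsed.scheme.lower(), host, parsed.path or "/",
                       parsed.params, parsed.query, ""))


def is_allowed(user_url: str) -> bool:
    """Boolean form of validate_outbound_url for callers that only need a verdict."""
    try:
        validate_outbound_url(user_url)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: two that should pass, the rest should be rejected.
    samples = [
        "https://api.example.com/v1/users",
        "https://API.EXAMPLE.COM:443/x?y=1#frag",
        "http://api.example.com/",
        "https://api.example.com@127.0.0.1/",
        "https://10.0.0.5/admin",
        "https://localhost/",
        "https://[::1]/",
        "https://api.example.com:8443/",
        "file:///etc/passwd",
        "https://evil.example.net/",
    ]
    for url in samples:
        try:
            print(f"ALLOW  {url} -> {validate_outbound_url(url)}")
        except ValueError as err:
            print(f"REJECT {url} ({err})")
```

The check runs on the literal host only; it does not resolve DNS. That is adequate precisely because the allowlist is meant to hold hosts the organization operates, so an allowlisted name should never resolve to an internal address. If a deployment cannot guarantee that, the resolved address also has to be checked at connection time, which this offline example does not do. Restricting the scheme to `https` is what rules out the non-HTTP protocol components named in the Impact list.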
Threat
Unauthorized attacker from the Internet.
Expected Remediation Time
⏱️ 120 minutes.
Rules
- Typescript Unsafe Nest Axios Ssrf
- Java Ssrf Apache Client
- Typescript Express Http Https Ssrf
- Python Ssrf Session Unvalidated Url
- Typescript Unsafe Nest Fetch Ssrf
- Javascript Express Fetch Ssrf
- Java Ssrf Net Http Client
- Javascript Express Http Https Ssrf
- Javascript Playwright Addinitscript Ssrf
- Python Ssrf Unvalidated Url
- Java Ssrf External Request Url Builder
- Typescript Playwright Addinitscript Ssrf
- Javascript Unsafe Setcontent User Input
- Kotlin Ssrf From Untrusted Url
- Typescript Ssrf Untrusted Input
- Typescript Unsafe Setcontent User Input
- Kotlin Ssrf From Untrusted Socket
- Php Ssrf Unvalidated Url
- Kotlin Ssrf Untrusted Url Http Clients
- Javascript Ssrf Via Unsanitized Axios
- C Sharp Ssrf Http Client
- Typescript Unsafe Nest Http Https Ssrf
- Typescript Ssrf Via Unsanitized Axios
- Typescript Express Fetch Ssrf
- Scala Ssrf Tainted Url Sink
- Java Ssrf Spring Rest Template
- Scala Ssrf Untrusted Url
- C Sharp Ssrf Via Webrequest
- Go Ssrf Unvalidated Url
- Javascript Ssrf Untrusted Input