You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is a Server-side request forgery vulnerability. We can change HTTP Referer Header to any url, then the server will request it. Details are as follows:
We need to send two requests
1. First register an account normally, here my account is test123, and the password is 123456
2. Log out of our account and log in again from the picture below
This is a Server-side request forgery vulnerability. We can change HTTP Referer Header to any url, then the server will request it. Details are as follows:
We need to send two requests
1. First register an account normally, here my account is test123, and the password is 123456
2. Log out of our account and log in again from the picture below
use burpsuite change the http Referer Header,
The first POC request is as follows
3. Login with our account and password
use burpsuite , We don't modify anything
The second POC request is as follows
Then we found that the response packet of the second request contained a 302 jump, The jump url is the Referrer header of our first request packet
The response of the second request packet is as follows
4. Vulnerability proof
5. how to fix
https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html
The text was updated successfully, but these errors were encountered: