-
Notifications
You must be signed in to change notification settings - Fork 3
Activity 6 Questions
Wyatt Tauber edited this page Nov 24, 2019
·
8 revisions
- Provide a link to the test cases you generated for this activity.
- How would you fix your code so that this issue is no longer present?
A simple fix to mitigate the SSRF vulnerability would be to perform additional checks on the file obtained via URL in order to ensure that the file is a .mp4 file and not an arbitrary file or command.
- How does your test demonstrate SSRF as opposed to just accessing any old endpoint.
A server side request forgery is any action that the client can cause the server to take on its behalf that otherwise would be denied if the client sent the request itself. As the client cannot access chaimtube.local/etc/passwd, a file handler was introduced that causes the server to request any file in its /etc folder if requested via the /file webpage. Requesting chaimtube.local/file/passwd causes the server to request chaimtube.local/etc/passwd, and since the server is allowed to do this, it returns the file to the client.
footer