BOOK THIS SPACE FOR AD
ARTICLE ADAccording to PortSwigger, Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker’s choosing.
In typical SSRF examples, the attacker might cause the server to make a connection back to itself, or to other web-based services within the organization’s infrastructure, or to external third-party systems.
According to OWASP, Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benitign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
Let’s get started:
While testing a domain, I found a subdomain which was using JIRA Instance. I checked the version with wappalyzer tool it was “version 5.8.X”, this version was vulnerable by SSRF. I remember the write-up of “Alyssa Herrera” (“https://infosecwriteups.com/piercing-the-veil-server-side-request-forgery-to-niprnet-access-c358fd5e249a”).
There was an endpoint “plugins/servlet/oauth/users/icon-uri?consumerUri=http://google.com”
So I followed up the write-up. I wen to brute-XSS blog, replaced http://google.com with http://brutelogic.com.br/poc.svg …. Boom XSS popped-up
I want to also attach some tips for beginners, to get succeed in bug bounties.
Try to hunt in less crowded programsSearch targets with large no of scope.Don’t focus on main domain, focus on subdomains.At last but not least, Keep trying.You can also follow me on Linkedin , Twitter .
Hope you guys learnt something new. If you liked it share with your fellow hackers. I’ll be posting 2 write-ups in a week. Untill then Goodbye!