The best way to explain this is with an example. Webhook IntegrationsĪpplications that wish to integrate with other applications will often do so by implementing outgoing webhooks. Unsurprisingly, these parameter names all refer to an object type that could be fetched from a remote resource. This tool was originally created by Jason Haddix when he worked at Bugcrowd, so I believe that these parameter names were collated from Bugcrowd’s bug bounty submissions. Thankfully, this data has already been collated in the HUNT Burp Suite extension. It pays to know what parameter names are most likely to be vulnerable to SSRF so that we can pay extra attention to them. When security testing applications in the wild, we will typically be analyzing thousands of requests and parameters. Where to Find SSRF Vulnerabilities Common Vulnerable Parameter Names
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |