Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

MicroStrategy tinyurl - Server-Side Request Forgery (Blind)

By kannthu

Vidoc logoVidoc Module

What is the "MicroStrategy tinyurl - Server-Side Request Forgery (Blind)" module?

The "MicroStrategy tinyurl - Server-Side Request Forgery (Blind)" module is a test case designed to detect a blind server-side request forgery (SSRF) vulnerability in the MicroStrategy URL shortener. This module targets the MicroStrategy software and has a severity level of high. It helps identify potential security issues related to SSRF.


A successful exploitation of the blind server-side request forgery vulnerability in the MicroStrategy URL shortener could allow an attacker to make requests on behalf of the server, potentially leading to unauthorized access to internal resources, data leakage, or further attacks on other systems.

How the module works?

The module sends HTTP requests to the MicroStrategy URL shortener with specific parameters to test for the presence of the SSRF vulnerability. It checks if the response contains the words "taskResponse" and "The source URL is not valid" in the body. If these conditions are met, it indicates the presence of the vulnerability.

Example HTTP request:

GET /servlet/taskProc?taskId=shortURL&taskEnv=xml&taskContentType=xml&srcURL=

The module uses matching conditions to determine if the vulnerability is present. In this case, it checks for the presence of both "taskResponse" and "The source URL is not valid" in the response body. If these words are found, it indicates a positive match for the vulnerability.

By using this module, you can proactively identify and address blind SSRF vulnerabilities in the MicroStrategy URL shortener, enhancing the security of your system.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
word: taskResponse, The source URL is not vali...
Passive global matcher
No matching conditions.
On match action
Report vulnerability