Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Web Page Test - Server Side Request Forgery (SSRF)

By kannthu

High
Vidoc logoVidoc Module
#ssrf#webpagetest#oast
Description

What is the "Web Page Test - Server Side Request Forgery (SSRF)" module?

The "Web Page Test - Server Side Request Forgery (SSRF)" module is designed to detect the presence of a server-side request forgery vulnerability in the Web Page Test software. This vulnerability can allow an attacker to manipulate the server into making unintended requests to internal resources or external systems, potentially leading to unauthorized access or data leakage. The severity of this vulnerability is classified as high.

This module was authored by pdteam.

Impact

A successful exploitation of the server-side request forgery vulnerability in Web Page Test can have serious consequences. It can enable an attacker to bypass security controls and gain unauthorized access to sensitive information or internal systems. This can lead to data breaches, unauthorized data modifications, or even complete system compromise.

How does the module work?

The "Web Page Test - Server Side Request Forgery (SSRF)" module works by sending a specific HTTP request to the target system and analyzing the response. The module uses the following matching conditions to identify the presence of the vulnerability:

- The response should contain the phrase "File is not a JPEG Image". - The interaction protocol used in the request should be "http".

If both conditions are met, the module flags the presence of the server-side request forgery vulnerability in the Web Page Test software.

Here is an example of the HTTP request sent by the module:

GET /jpeginfo/jpeginfo.php?url={%InteractionURL%} HTTP/1.1

The module sends this request to the target system and checks if the response meets the specified matching conditions.

Reference:

- https://thinkloveshare.com/hacking/preauth_remote_code_execution_web_page_test/ - https://github.com/WPO-Foundation/webpagetest

Metadata:

- max-request: 1 - verified: true - shodan-query: title:"WebPageTest"

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/jpeginfo/jpeginfo.p...
Matching conditions
word: File is not a JPEG Imageand
word: http
Passive global matcher
No matching conditions.
On match action
Report vulnerability