What is SSRF?

Vulnerability classes often overlap, and it is not always clear which name a given bug should go by. That is not worth agonising over: a rose by any other name smells just as sweet.

SSRF stands for Server-Side Request Forgery. It refers to a situation where an attacker can make an application send HTTP requests to a target of the attacker's choosing, often a host on the server's internal network or a service listening only on the server's own loopback interface.

XXE and SSRF

An XXE vulnerability often leads to an SSRF vulnerability as well, because an external entity can reference resources other than local files, for example an HTTP URL.

Here is an example XML document that, when processed by a vulnerable application, would make the server fetch the front page of Hakatemia's website and embed the returned HTML inside the XML.

<!DOCTYPE auto [
    <!ENTITY xxe SYSTEM "https://www.hakatemia.fi">
]>
<auto>
  <template>&xxe;</template>
</auto>
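The defender's side of the same mechanism, as an added example that is not part of the original page or of Hakatemia's lab code: it uses Python's standard-library xml.sax parser and a constructed payload of the shape shown above, pointed at the exercise's internal recipe URL. It shows three things: a cheap pre-parse screen that lists every external entity in the DTD and flags loopback/private targets for logging, a hardened parser configuration in which the entity expands to nothing and no request leaves the server, and a canary that runs the parser in its unsafe mode but aborts inside the entity resolver, so you can confirm which URL the parser would have fetched without ever opening a socket. The function and class names are the example's own.

```python
import ipaddress
import re
from io import BytesIO
from urllib.parse import urlparse
import xml.sax
from xml.sax import handler
from xml.sax.handler import ContentHandler, EntityResolver

# Constructed sample: the payload shape from the page, aimed at the lab's
# internal recipe service (URL taken from the exercise description).
PAYLOAD = b"""<!DOCTYPE auto [
    <!ENTITY xxe SYSTEM "http://127.0.0.1:5000/api/v1/recipes">
]>
<auto>
  <template>&xxe;</template>
</auto>"""

# Matches <!ENTITY name SYSTEM "url"> and <!ENTITY name PUBLIC "id" "url">
# (double-quoted forms only: a cheap pre-screen, not an XML parser).
ENTITY_RE = re.compile(
    rb'<!ENTITY\s+(?:%\s+)?(?P<name>[^\s>]+)\s+(?:SYSTEM|PUBLIC\s+"[^"]*")\s+"(?P<url>[^"]*)"',
    re.IGNORECASE,
)


def is_internal_target(url):
    """True for the targets an XXE-to-SSRF probe usually aims at: non-HTTP
    schemes (file:, gopher:, ...) or loopback/private/link-local addresses.
    Host names are not resolved here; a name that resolves to an internal
    address must still be caught at connection time."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        return True
    host = parts.hostname or ""
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:  # not an IP literal
        return host == "localhost" or host.endswith(".localhost")


def screen_external_entities(xml_bytes):
    """Pre-parse screen for logging/alerting: (name, URL, internal?) for
    every external entity declared in the document's DTD."""
    found = []
    for m in ENTITY_RE.finditer(xml_bytes):
        url = m.group("url").decode()
        found.append((m.group("name").decode(), url, is_internal_target(url)))
    return found


class _Collector(ContentHandler):
    """Records the text of each element so we can see what &xxe; expanded to."""

    def __init__(self):
        super().__init__()
        self.texts = {}
        self._stack = []

    def startElement(self, name, attrs):
        self._stack.append(name)
        self.texts.setdefault(name, "")

    def endElement(self, name):
        self._stack.pop()

    def characters(self, content):
        if self._stack:
            self.texts[self._stack[-1]] += content


class ExternalFetchAttempt(Exception):
    def __init__(self, url):
        super().__init__(f"parser tried to fetch external entity: {url}")
        self.url = url


class _AbortResolver(EntityResolver):
    """Entity resolver that refuses instead of opening the URL."""

    def resolveEntity(self, publicId, systemId):
        raise ExternalFetchAttempt(systemId)


def parse_hardened(xml_bytes):
    """Safe configuration: external general and parameter entities are never
    fetched, so &xxe; expands to nothing and no outbound request is made."""
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, False)
    parser.setFeature(handler.feature_external_pes, False)
    parser.setEntityResolver(_AbortResolver())  # defence in depth; never reached
    collector = _Collector()
    parser.setContentHandler(collector)
    parser.parse(BytesIO(xml_bytes))
    return collector.texts


def would_fetch(xml_bytes):
    """Canary for the unsafe configuration: external entity resolution is on,
    but the resolver aborts before any socket is opened. Returns the URL the
    parser tried to reach, or None if the document needs no external fetch."""
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, True)
    parser.setEntityResolver(_AbortResolver())
    parser.setContentHandler(_Collector())
    try:
        parser.parse(BytesIO(xml_bytes))
    except ExternalFetchAttempt as attempt:
        return attempt.url
    return None


if __name__ == "__main__":
    print(screen_external_entities(PAYLOAD))
    print(parse_hardened(PAYLOAD))
    print(would_fetch(PAYLOAD))
```

The screen is only a first line of detection: it sees the URL before the parser does and is cheap to log, but single-quoted declarations, parameter-entity tricks and names that resolve to internal addresses will slip past it, which is why the real control is the parser configuration in parse_hardened. The canary is what you run over incoming documents in a test environment to prove that a given parser setup does or does not reach out.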

Exercise

Do the exercise below: use an XXE attack to read the secret recipe from the internal HTTP API running on the server.

XXE and SSRF

In this lab, you will practice SSRF attacks by exploiting XXE vulnerabilities.

Objective

Read the secret recipe from the recipe service running locally on the server. Its URL is: http://127.0.0.1:5000/api/v1/recipes

Exercises

Flag

Find the flag from the lab environment and enter it below.
