Webgoat - Server-Side Request Forgery

In this walkthrough, we will go through the Server-Side Request Forgery vulnerability section from Webgoat Labs. We will explore and exploit Server-Side Request Forgery and learn how applications are affected by it. So, let’s get started with the hacking without any delay.

Server-Side Request Forgery

1. Find and modify the request to display Jerry

  • In this challenge, our goal is to display jerry on the page by modifying parameters in the web request.

  • I intercepted the POST request via Burpsuite. In the request below, we can see the url parameter, whose value points to the internal images directory and then to the image tom.png.

Burpsuite POST request intercept

  • I suspected that the same images directory might contain an image related to jerry, so I changed the url parameter value to images/jerry.png.

Changing parameter value

  • Successfully displayed the cute jerry image on the page.

Challenge completed

2. Change the request, so the server gets information from http://ifconfig.pro

  • In this challenge, our goal is to get information from http://ifconfig.pro server by modifying the web requests.

  • Intercepted the POST request again via Burpsuite. Found the same parameter – url.

Burpsuite intercept

  • Changed the url parameter to the target URL and forwarded the request to the application.

Changing parameter value

  • Got results back from the target server. Thus, completing the challenge.

Challenge completed

Conclusion:

So, we finally completed the Webgoat Server-Side Request Forgery section. We can mitigate these types of attacks by implementing proper whitelists and by checking DNS resolution so that requests cannot reach private addresses. Along with that, handle responses properly on the server side, disable unused URL schemes, and implement proper authentication on internal services. On that note, I will take my leave and will meet you in the next one with another Webgoat vulnerability writeup. Till then, “Keep Hacking”.
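The whitelist, URL-scheme and DNS-resolution checks named in the conclusion, as an added Python example (not WebGoat's code and not part of the original write-up). The allowlist contents, the function names and the DNS answers used in the demo are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed policy for this sketch: only these schemes and hosts may be fetched.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"ifconfig.pro"}  # constructed allowlist


def system_resolver(host):
    """Resolve host to a list of IP strings using the OS resolver."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]


def check_fetch_url(url, resolver=system_resolver):
    """Return (allowed, reason) for a user-supplied URL the server would fetch."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False, "malformed URL"
    # Rejects file:, gopher: etc. and relative values such as images/jerry.png.
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    # hostname is the part after any user@ prefix, so "allowed@internal" fails here.
    if host is None or host.lower() not in ALLOWED_HOSTS:
        return False, "host not on allowlist"
    try:
        addresses = resolver(host)
    except OSError:
        return False, "resolution failed"
    if not addresses:
        return False, "resolution failed"
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        # is_global is False for loopback, RFC 1918, link-local and similar ranges.
        if not ip.is_global:
            return False, f"resolves to non-public address {ip}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed DNS answers so the demo runs offline.
    for answer in (["8.8.8.8"], ["10.0.0.5"]):
        print(answer, check_fetch_url("http://ifconfig.pro", lambda h: answer))
    print(check_fetch_url("images/jerry.png"))
```

A fetcher that relies on this check should connect to the address that was validated and repeat the check on every redirect, since the host can resolve differently between the check and the fetch.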
