Message Boards
SSRF vulnerability
Hello experts,
I am working on a social portal, and I want to know what a "Server side request forgery vulnerability" (SSRF vulnerability) is and how I can protect our portal from it.
thanks
Akash
Updated 9 years ago by Tomas Polesovsky.
RE: SSRF vulnerability
Liferay Master Posts: 676 Join Date: 09/02/13
Hi,
Do you have any specific SSRF issue? I'd be glad if you could follow https://www.liferay.com/security - Reporting security issues and create a JIRA ticket. If it's a bug in the portal code, we fix it and give it back to the community once it's ready. Thanks!
In general:
SSRF means:
1, your application creates internal requests, for example HTTP requests using HttpClient / URL.openConnection()
2, it is possible (as an attacker) to change the internal request to another location or to use different parameters
I think it's best to give an example.
So imagine an application that creates screenshots of some web page:
* you enter an address
* the application creates an internal request to the remote application and takes a screenshot of the result
* example: http://myapp.com/screenshot?url=http://liferay.com
When the application is vulnerable to SSRF you are able, for example:
1, to call internal systems that are accessible from the screenshot application, e.g. http://myapp.com/screenshot?url=http://company-intranet/employees
2, to call remote systems to try to attack them (hiding yourself from the remote system's log), e.g. http://myapp.com/screenshot?url=http://vulnerable-system/some-exploit-vector
Prevention:
1) Validate input - use white-list to check allowed URLs (and parameters), example:
import java.util.Arrays;
import java.util.List;

// white-list of the complete URLs this code may call; the check below is an exact match
private List<String> allowedURLsWhitelist = Arrays.asList(new String[]{
    "http://my-subsystem/my-app?", "http://10.0.0.15/my-app2?"
});

public String callRemoteServer(String url) {
    // refuse any URL that is not exactly one of the white-listed strings
    if (!allowedURLsWhitelist.contains(url)) {
        throw new IllegalArgumentException("URL " + url + " is not allowed!!!");
    }
    // ... your code ...
}
2) Correctly escape user input when constructing the remote server URL, example:
String url = "http://my-subsystem/search?q=" + URLEncoder.encode(userSuppliedValue, "UTF-8");
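An added example (not code from the original post or from Liferay) that applies both prevention steps to the screenshot?url=... feature described above: the white-list is checked against the parsed scheme and host instead of the raw string, and the user value for the search URL is query-encoded. The class name, the host names and the sample URLs in main are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Set;

// Added example, not code from the original post or from Liferay. Host names
// and sample URLs are constructed placeholders.
public class ScreenshotUrlGuard {
    private static final Set<String> ALLOWED_SCHEMES = Set.of("http", "https");
    private static final Set<String> ALLOWED_HOSTS = Set.of("my-subsystem", "10.0.0.15");

    /** Prevention step 1: accept the target only if its parsed scheme and host are listed. */
    public static URI validateTarget(String userSuppliedUrl) {
        URI uri;
        try {
            uri = new URI(userSuppliedUrl);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("Malformed URL", e);
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        // getHost() is null without a server-based authority (mailto:, file:, unparsable authority)
        if (scheme == null || !ALLOWED_SCHEMES.contains(scheme.toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("Scheme not allowed: " + scheme);
        }
        if (host == null || !ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("Host not allowed: " + host);
        }
        if (uri.getUserInfo() != null) {
            throw new IllegalArgumentException("User info in the URL is not allowed");
        }
        return uri; // the caller fetches this URI, never the raw string
    }

    /** Prevention step 2: the user value enters the query string only in encoded form. */
    public static String buildSearchUrl(String userSuppliedValue) {
        return "http://my-subsystem/search?q="
            + URLEncoder.encode(userSuppliedValue, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        System.out.println(validateTarget("http://my-subsystem/my-app?id=42"));
        System.out.println(buildSearchUrl("a b&c=d"));
        validateTarget("http://company-intranet/employees"); // throws: host is not listed
    }
}
```

The check covers only the URL as submitted: redirects followed by the HTTP client and the address the host name resolves to are not validated here, so configure the client not to follow redirects or re-run the check on every hop.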
Updated 9 years ago by Akash Jaisawal.
RE: SSRF vulnerability
Regular Member Posts: 141 Join Date: 12/03/03
Thanks Tomas,
Many thanks for the valuable information