HTTP request might enable SSRF attack #7
Description
Find more live information in Aikido here: https://app.aikido.dev/queue?sidebarIssue=4150775&groupId=6189&sidebarIssueTask=639176&sidebarTab=tasks
Scope
This task includes issues in the following code repository:
- kubebot: tools/gobuster/main.go at line 175
TLDR
If an attacker can control the URL input leading into this http request, the attack might be able to perform an SSRF attack. This kind of attack is even more dangerous is the application returns the result of the URL fetch to the user. It can serve as an initial access point for an attacker for stealing credentials in the cloud.
How to fix
If possible, only allow requests to verified domains. If not, consult the article linked above to learn about other mitigating techniques such as disabling redirects, blocking private IPs and making sure private services have internal authentication. If you return data coming from the request to the user, validate the data before returning it to make sure you don't return random data.