This challenge covers how to trigger a Server-Side Request Forgery by leveraging CVE-2021-40438

< 1 Hr.
Brown Badge


In this challenge, we explore the CVE-2021-40438 vulnerability, which allows an attacker to perform Server-Side Request Forgery (SSRF) by exploiting Apache's `mod_proxy` module. Specifically, Apache looks for `unix:` handlers anywhere in the URL, not just at the start, leading to unintended behavior. By crafting a long URL, we can set the UNIX domain socket to null and instruct Apache to load an external URL.

We begin by crafting a URL that tricks Apache into ignoring the `unix:` handler. This is achieved by inserting a large string of characters, causing Apache to treat the handler as null and move on to the next URL segment. In the lab, this allows us to access services running on localhost, such as a server running on port 1234, and retrieve sensitive information.

Want to learn more? Get started with PentesterLab Pro! GO PRO