Server Side Request Forgery 03
This exercise is one of our challenges on Server-Side Request Forgery.
In this lab, we delve into a code review of a Server-Side Request Forgery (SSRF) vulnerability showcased in the challenge Server Side Request Forgery 03, part of the Essential badge. The provided PHP code attempts to validate URLs by ensuring they do not point to localhost or 127.0.0.1. However, the approach is flawed as it only blocks specific inputs and can be easily bypassed with other representations of localhost.
The video transcript guides us through the PHP code, explaining how variables are checked and sanitized with htmlentities to prevent XSS attacks. It highlights two main issues: using the original GET parameter instead of the validated $url and an insufficient method of blocking only two localhost representations. The recommended solution involves maintaining a whitelist of allowed hosts to enhance security.
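As an added illustration of the two issues the transcript raises (this is not the challenge's own code, and the function names, the allowlist entries and the refusal of credentials and explicit ports in the URL are assumptions made for this example), the snippet below places the string-comparison blocklist the page criticises next to an allowlist-based check, and shows the handler fetching only the validated value rather than the raw GET parameter:

```php
<?php
// Added example, not the challenge's own code. Two versions of the URL check the
// page describes: the blocklist approach it criticises, and an allowlist fix.
// Function names, the allowlist contents and the extra policy checks are assumptions.

// Flawed: compares the host against two spellings of localhost. Any other
// representation of the local machine passes, and the original handler then
// fetched $_GET['url'] instead of the value this function returned.
function validate_url_blocklist(string $url): ?string {
    $host = parse_url($url, PHP_URL_HOST);
    if ($host === false || $host === null) {
        return null;
    }
    if ($host === 'localhost' || $host === '127.0.0.1') {
        return null;   // only these two representations are blocked
    }
    return $url;
}

// Hardened: only hosts on a fixed allowlist are accepted, the scheme is pinned,
// and the caller is expected to fetch the returned (validated) URL.
const ALLOWED_HOSTS = ['api.example.com', 'static.example.com']; // assumed list

function validate_url_allowlist(string $url): ?string {
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;   // unparseable, or no scheme/host at all
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;   // pin the scheme; no file://, gopher:// and the like
    }
    if (!in_array(strtolower($parts['host']), ALLOWED_HOSTS, true)) {
        return null;   // anything not explicitly allowed is rejected, so every
                       // spelling of localhost fails without being enumerated
    }
    if (isset($parts['user']) || isset($parts['pass']) || isset($parts['port'])) {
        return null;   // assumed policy: no embedded credentials or custom ports
    }
    return $url;
}

// Handler: the fetch uses $validated, never the raw parameter.
$raw = $_GET['url'] ?? '';
$validated = validate_url_allowlist($raw);
if ($validated === null) {
    http_response_code(400);
    // htmlentities on the reflected input, as in the original code, to avoid XSS
    echo 'Invalid URL: ' . htmlentities($raw, ENT_QUOTES, 'UTF-8');
    exit;
}
// $contents = file_get_contents($validated);  // not file_get_contents($_GET['url'])
```

Two points worth keeping in mind when applying this pattern: the allowlist compares the parsed host, so a comparison against the whole raw string would not be equivalent, and the HTTP client used for the fetch should be configured not to follow redirects, since an allowlisted host that redirects elsewhere would otherwise undo the check.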