vos9/Web_Hacking
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create Secure Coding - Server Side Request Forgery.md

Browse Source
This commit is contained in:
Mehdi 2023-12-16 10:02:50 +03:30 committed by GitHub
parent feaf9c34ed
commit e86c0b3185
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 167 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

167
Secure Coding - Server Side Request Forgery.md Normal file
View File

@ -0,0 +1,167 @@
# Server Side Request Forgery (API7:2023)
Due to this vulnerability, the attacker has the possibility to forge requests on the server side and send fake requests to authorized destinations.
* Example
GET request to get an image from a specific URL:
```html
GET /api/image?url=http://malicious-website.com/malware.jpg
```
### Non-compliant code (.NET)
```c#
[Route("api/images")]
public class ImageController : ApiController
{
[HttpGet]
public IHttpActionResult GetImage(string url)
{
// Fetch the image from the specified URL without proper validation
using (WebClient client = new WebClient())
{
byte[] imageData = client.DownloadData(url);
return File(imageData, "image/jpeg");
}
}
// Other methods...
}
```
### Compliant code (.NET)
```c#
[Route("api/images")]
public class ImageController : ApiController
{
[HttpGet]
public IHttpActionResult GetImage(string url)
{
// Validate and sanitize the URL before fetching the image
if (!IsValidUrl(url))
{
return BadRequest("Invalid URL");
}
using (WebClient client = new WebClient())
{
byte[] imageData = client.DownloadData(url);
return File(imageData, "image/jpeg");
}
}
private bool IsValidUrl(string url)
{
// Implement URL validation logic here (e.g., whitelist trusted domains)
// Return true if the URL is valid, otherwise false
// Example validation logic:
return url.StartsWith("http://trusted-domain.com");
}
// Other methods...
}
```
## General prevention suggestions:
* Before sending a request to a given URL, check and validate the URI and destination resource carefully.
* Limiting the ability to receive information from external sources and restricting the list of authorized access to remote URLs.
* Using Whitelist to show only valid addresses and allow access to them.
* Validate and filter user input and URL-related parameters before using them in the request.
* Use network restrictions, such as firewalls, to restrict access to external resources.
* Training the development team to properly evaluate and validate a URI before using it in requests.