It was 9/24/2019. I was a newbie at bug bounty hunting, and I’m still a newbie there! Anyway, let’s get into the story.
Today I’ll talk about the SSRF vulnerability. First, let’s define SSRF. Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker’s choosing.
Okay, when I first started hacking, I liked to test random websites to improve my skills, because I wasn’t yet proficient enough to test a website listed on a bug bounty platform. For my testing, I used a well-known Bangladeshi eCommerce website. I had just started when I came across a request like this:
I was very surprised! It was working! The response looked like this:
The request was loading files from third-party domains!
Then I began to wonder, “What more can I do?” Because I had no IP logger, I couldn’t confirm the SSRF clearly! I fired up My Little Buddy Command Prompt and took the IP of my target domain with the command ‘ping targetsite.com’.
I then changed the request to this:
I changed the URL to an IP-location service and got the target domain’s IP back in the response!
SSRF confirmed once again!
The site had no bug bounty program, but I reported the issue politely, and they awarded me a 5-digit bounty, which was unexpected from a random company that doesn’t offer bounties!
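As an added example (not code from the original post, and the site described never showed its own code), this is the kind of check a server-side fetcher needs before following a user-supplied URL: a constructed host allowlist, a scheme check, and a resolve-then-reject step for non-public addresses, with the resolver injectable so it runs offline.

```python
import socket
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed allowlist: the only hosts this server is meant to fetch from.
ALLOWED_HOSTS = {"cdn.example.com", "images.example.com"}


def resolve(host):
    """Resolve a hostname to all of its A/AAAA addresses (real DNS)."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def validate_fetch_url(url, allowed_hosts=ALLOWED_HOSTS, resolver=resolve):
    """Return (ok, reason). A hypothetical server-side fetcher calls this
    before every outbound request it makes on a user's behalf."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False, "unparseable URL"
    # 1. Only plain web schemes; anything else is refused outright.
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    if not host:
        return False, "missing host"
    # 2. Exact allowlist on the parsed hostname, so that userinfo tricks
    #    like http://cdn.example.com@other.example/ are compared on
    #    'other.example', not on the text before the '@'.
    if host.lower() not in allowed_hosts:
        return False, f"host {host!r} not on allowlist"
    # 3. Resolve and refuse any non-public address: loopback, RFC 1918,
    #    link-local (169.254.0.0/16) and similar ranges are rejected even
    #    when the name itself is allowlisted.
    for addr in resolver(host):
        ip = ip_address(addr.split("%")[0])  # drop IPv6 zone id if present
        if (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified):
            return False, f"{host} resolves to non-public address {addr}"
    return True, "ok"


if __name__ == "__main__":
    # Offline demo with a constructed resolver instead of real DNS.
    fake = lambda h: {"cdn.example.com": ["93.184.216.34"]}.get(h, ["127.0.0.1"])
    for u in ("https://cdn.example.com/logo.png", "https://intranet.example/",
              "ftp://cdn.example.com/x"):
        print(u, "->", validate_fetch_url(u, resolver=fake))
```

The resolved address should also be the one the fetch actually connects to (pin it in the HTTP client), otherwise a name that changes between validation and fetch defeats step 3.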
“About the author: Muhammad Julfikar Hyder is a bug bounty hunter and cybersecurity enthusiast. You can follow them on Twitter at @thejulfikar for more security tips and updates on their latest findings.”