Merge pull request #69 from Jumbo-WJB/jumbo

add Blind SSRF with proxy param or url param
PortSwigger · Jul 31, 2023 · d6fd689 · d6fd689
2 parents 4a60180 + 4e1ba7d
commit d6fd689
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/other/Blind-SSRF-By-Collaborator.bcheck b/other/Blind-SSRF-By-Collaborator.bcheck
@@ -0,0 +1,23 @@
+metadata:
+    language: v1-beta
+    name: "Blind SSRF By Collaborator"
+    description: "Blind SSRF with proxy param or url param"
+    author: "[email protected]"
+
+define:
+    proxy_ssrf = `http://{generate_collaborator_address()}/proxy`
+    url_ssrf = `https://{generate_collaborator_address()}/url`
+
+given request then
+    send request:
+        appending queries:
+	  `proxy={proxy_ssrf}`,
+          `url={url_ssrf}`
+    if http interactions then
+        report issue:
+            severity: high
+            confidence: firm
+            detail: "The site request url params or proxy params, There may be ssrf vulnerabilities."
+            remediation: "Ensure that the site does not directly request URLs from the proxy param or url param."
+    end if
+