Skip to content

a dockerised python application that has path traversal vulnerabilities

Notifications You must be signed in to change notification settings

appsecengineer/python-urllib

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 

Repository files navigation

SSRF Urllib

Setup

  • Step 1: Open terminal and change to lab directory
cd /root/ssrf-urllib
  • Step 2: Build and run the docker
docker build -t app .
docker run -p 5000:5000 -it app

Insecure variant

  • Step 1: Now attack to see if you can read internal sensitive files
http GET http://localhost:5000/insecure/optimize url=file:///etc/passwd | jq -r '.data.raw_data' | base64 --decode

You should see the password entries dumped in plain text

  • Step 2: Now attack to see if you can read internal sensitive url's
http GET http://localhost:5000/insecure/optimize url=http://169.254.169.254 | jq -r '.data.raw_data' | base64 --decode

You should see the API returning successful output here also

Secure variant

  • Step 1: Now attack to see if you can read internal sensitive files
http GET http://localhost:5000/secure/optimize url=file:///etc/passwd 

You should see the response as Invalid URL

  • Step 2: Now attack to see if you can read internal sensitive url's
http GET http://localhost:5000/secure/optimize url=http://169.254.169.254 

You should see the response as Invalid URL

About

a dockerised python application that has path traversal vulnerabilities

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published