/Code Review/Basic SSRF via Image URL

Basic SSRF via Image URL

Image proxy fetches user-provided URLs without validation.

HIGHEasy

Vulnerable Codepython

1@app.route('/proxy-image')
2def proxy_image():
3    url = request.args.get('url')
4    response = requests.get(url)
5    return Response(response.content, mimetype='image/png')

Understanding the Issue

The server fetches any URL the user provides. Attackers can use this to access internal services, scan internal networks, or retrieve cloud metadata credentials.

Internal Service Access

Attacker accesses internal services through the proxy

Malicious Input

/proxy-image?url=http://localhost:8080/admin
/proxy-image?url=http://192.168.1.1/router-config

Impact

✓ Server fetches internal URLs
✓ Attacker sees admin panel content
✓ Can access any internal service

Technical Details

Vulnerability Type: Server-Side Request Forgery
Severity: HIGH
Language: Python
CWE: CWE-918
OWASP: A10:2021 - SSRF

Basic SSRF via Image URL

Understanding the Issue

How Attackers Exploit This

Internal Service Access

Finding the Vulnerability(3 hints)

Technical Details

Basic SSRF via Image URL

Understanding the Issue

How Attackers Exploit This

Internal Service Access

Finding the Vulnerability(3 hints)

Technical Details