Posts

Showing posts from February, 2025

SSRF To Internal Data Access Via PDF Print Feature

Introduction:

Server-Side Request Forgery (SSRF) is a web security vulnerability that occurs when an attacker manipulates a server into making unauthorized HTTP or other protocol-based requests to unintended destinations. This exploit typically arises when an application fetches remote resources based on user-supplied input without adequately validating or sanitizing the input.

Hunting SSRF in a Financial Application

Most of the time, I focus on a single program when hunting for vulnerabilities. Sticking to one program allows me to understand its core functionalities and business logic more thoroughly. In this case, I was working on a private program related to finance. This application used different internal domains for handling financial data, fetching the data via iframes. Initially, I overlooked testing for CSRF or other bugs because I assumed the requests were encrypted. However, after digging deeper, I realized that t...