Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V5 - Validation/Sanitization

SSRF

POC

Send the payload with the following parameter to view the /etc/passwd file: param=

For more info, please refer to: https://blog.cobalt.io/a-pentesters-guide-to-server-side-request-forgery-ssrf-1272f382f04d

Impact

High

Likelihood

High