WordPress Server Side Request Forgery

OWASP 2013-A5 OWASP 2017-A6 CWE-918 ISO27001-A.14.2.5 WASC-20 WSTG-INPV-19

All WordPress applications using vulnerable plugins are exposed to attacks such as Server Side Request Forgery (SSRF). An attacker can leverage server-side request forgery to make the web application perform port scanning of hosts present in the internal and external network. Plugins commonly vulnerable to SSRF on WordPress include flog, jRSS and many more. Server Side Request Forgery occurs when an attacker gets control over the request sent by the user. The attacker can gain access to the server using out-of-band and time-delay vectors.

Example

The following is an example of this vulnerability:

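        <?php

        // Vulnerable: the URL parameter is passed to fopen() without validation,
        // so the server fetches whatever location the client supplies.
        if (isset($_GET['URL'])) {
            $url = $_GET['URL'];

            $image = fopen($url, 'rb');

            header("Content-Type: image/png");

            fpassthru($image);
        }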

    

Impact

Using this vulnerability, an attacker can:

  • Issue arbitrary GET requests to the server.
  • Access unauthorised services from the server.
  • Request internal resources of the server.

Mitigation / Precaution
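
A hardened form of the image-proxy snippet from the Example section, added here as an illustration and not taken from the original page or from any plugin. The function names and the port list are assumptions; the code restricts scheme and port, rejects hosts that resolve to private or reserved IPv4 ranges, and pins the connection to the validated address.

```php
<?php
// Added example, not the page's code. fetch_remote_image() and is_public_ipv4()
// are hypothetical names; the allowed ports (80, 443) are an assumption.
function is_public_ipv4(string $ip): bool {
    // Rejects 10/8, 172.16/12, 192.168/16 (private) and 0/8, 127/8, 169.254/16, 240/4 (reserved).
    $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false;
}
function fetch_remote_image(string $url): string {
    $p = parse_url($url);
    if (!is_array($p) || !isset($p['scheme'], $p['host']) || isset($p['user']) || isset($p['pass'])) {
        throw new InvalidArgumentException('Malformed URL');
    }
    $scheme = strtolower($p['scheme']);
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    // http(s) only (no file://, php://, gopher://) and a fixed port list (no probing of other services).
    if (!in_array($scheme, ['http', 'https'], true) || !in_array($port, [80, 443], true)) {
        throw new InvalidArgumentException('Scheme or port not allowed');
    }
    // Resolve once (IPv4 only) and require every returned address to be public.
    $ips = gethostbynamel($p['host']);
    if (!$ips || count(array_filter($ips, 'is_public_ipv4')) !== count($ips)) {
        throw new InvalidArgumentException('Host not allowed');
    }
    // Rebuild the URL from the parsed parts so cURL requests exactly what was validated.
    $clean = "$scheme://{$p['host']}:$port" . ($p['path'] ?? '/') . (isset($p['query']) ? "?{$p['query']}" : '');
    $ch = curl_init($clean);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,  // a redirect could point back at an internal host
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_RESOLVE        => ["{$p['host']}:$port:{$ips[0]}"],  // pin to the checked IP (DNS rebinding)
        CURLOPT_TIMEOUT        => 5,      // bound how long one request can hold the server
    ]);
    $body = curl_exec($ch);
    $type = curl_getinfo($ch, CURLINFO_CONTENT_TYPE);
    if (!is_string($body) || !is_string($type) || stripos($type, 'image/png') !== 0) {
        throw new RuntimeException('Upstream did not return a PNG');
    }
    return $body;
}

if (isset($_GET['URL']) && is_string($_GET['URL'])) {
    try {
        $png = fetch_remote_image($_GET['URL']);
        header('Content-Type: image/png');
        echo $png;
    } catch (Exception $e) {
        http_response_code(400);          // same generic error for every rejection
    }
}
```

Inside WordPress itself, `wp_safe_remote_get()` applies comparable URL validation before making the request.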
