WordPress Server Side Request Forgery

By Febna V M
Published on 29 Jun 2018

WordPress applications that use vulnerable plugins are exposed to attacks such as Server Side Request Forgery (SSRF). An attacker can leverage server-side request forgery to make the web application perform port scanning of hosts present in the internal and external network. WordPress plugins commonly vulnerable to SSRF include flog, jRSS and many more. Server Side Request Forgery occurs when an attacker gets control over the request sent by the user. The attacker can gain access to the server using out-of-band and time-delay vectors.

Example

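The following is an example of this vulnerability:

        <?php

        // Vulnerable: the URL parameter is passed to fopen() without validation,
        // so the server fetches whatever location the request names.
        if (isset($_GET['URL'])) {
            $url = $_GET['URL'];

            $image = fopen($url, 'rb');

            header("Content-Type: image/png");

            fpassthru($image);
        }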

    

Impact

Using this vulnerability, an attacker can:

  • Send any GET request to the server.
  • Access unauthorised services from the server.
  • Request internal resources of the server.

Mitigation / Precaution
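
A hardened form of the image proxy from the example above, added here as an illustration and not part of the original article. `ALLOWED_HOSTS`, the host `images.example.com` and the function names are hypothetical, and the code assumes PHP's curl extension is available.

```php
<?php
// Added example. ALLOWED_HOSTS and all function names are hypothetical; the host is a constructed value.
const ALLOWED_HOSTS = ['images.example.com'];

// True only for IPv4 addresses outside the private (10/8, 172.16/12, 192.168/16)
// and reserved (0/8, 127/8, 169.254/16, 240/4) ranges.
function is_public_ip(string $ip): bool {
    return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4
        | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}

// Returns [host, port, ip] for an acceptable URL, or null to reject it.
function validate_image_url(string $url): ?array {
    $p = parse_url($url);
    if (!is_array($p) || !isset($p['scheme'], $p['host'])) return null;
    $scheme = strtolower($p['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) return null; // no file://, gopher://, ...
    if (isset($p['user']) || isset($p['pass'])) return null;      // no credentials in the URL
    $host = strtolower($p['host']);
    if (!in_array($host, ALLOWED_HOSTS, true)) return null;       // exact-match allow-list
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    if (!in_array($port, [80, 443], true)) return null;           // no arbitrary ports
    $ips = gethostbynamel($host);
    if (!$ips) return null;
    // Reject an allow-listed name that resolves to an internal address.
    foreach ($ips as $ip) if (!is_public_ip($ip)) return null;
    return [$host, $port, $ips[0]];
}

function fetch_image(string $url): ?string {
    if (($target = validate_image_url($url)) === null) return null;
    [$host, $port, $ip] = $target;
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION => false,                // a redirect would bypass the checks
        CURLOPT_RESOLVE        => ["$host:$port:$ip"],  // connect to the address that was checked
        CURLOPT_TIMEOUT        => 5,
    ]);
    $body = curl_exec($ch);
    // Relay only data that starts with the PNG signature.
    return is_string($body) && strncmp($body, "\x89PNG\r\n\x1a\n", 8) === 0 ? $body : null;
}

if (isset($_GET['URL']) && is_string($_GET['URL'])) {
    $png = fetch_image($_GET['URL']);
    if ($png === null) { http_response_code(400); exit; }
    header('Content-Type: image/png');
    echo $png;
}
```

The IP filter flags used here do not cover every non-routable range (for example 100.64.0.0/10), so network-level egress restrictions on the web server remain worthwhile alongside this check.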


Written by Febna V M, Cyber Security Engineer