Hello,
I’m doing the module related to the Server-side Attacks, and currently I was studying through the “Blind SSRF Exploitation Example” section and I have a simple question:
in the text at the beginning is reported:
Let us create an HTML file containing a link to a service under our control to test if the application is vulnerable to a blind SSRF vulnerability. This service can be a web server hosted in a machine we own, Burp Collaborator, a Pingb.in URL etc. Please note that the protocols we can use when utilizing out-of-band techniques include HTTP, DNS, FTP, etc.
<!DOCTYPE html>
<html>
<body>
<a>Hello World!</a>
<img src="http://<SERVICE IP>:PORT/x?=viaimgtag">
</body>
</html>
I want to test this simple Blind SSRF by using pingb.in service. When I access to it, I tried to write the its URL inside a file .html in this way:
<!DOCTYPE html>
<html>
<body>
<a>Hello World!</a>
<img src="http://pingb.in/<random_hex>">
</body>
</html>
then I upload this .html file inside the target web application (that is a html to pdf converter) but I don’t get the requests to pingb.in page.
I also tried to use http://pingb.in/p/<random_hex> as URL (note the /p/) inside the <img> tag but I don’t get any request on pingb.in page.
Do you know how can I use this service for this simple purpose? Thank you!