Which of the following would make for a good vAPI request to test for SSRF?
/vapi/serversurfer
Which type of SSRF attacks is vAPI susceptible to?
In-Band
Out-of-Band
Blind
What HTTP status code does vAPI's serversurfer respond with when using http://127.0.0.1 as a payload?
403
What HTTP status code does vAPI's serversurfer respond with for a successful SSRF attack?
200
What happens to data retrieved by vAPI with a successful in-band SSRF attack against the serversurfer?
The resources retrieved are sent back base64 encoded