Blind SSRF with Shellshock Exploitation
This paper is intended to provide a brief description of the Blind SSRF attack. This proof of concept will help visualize and understand the attack when performed by an attacker. The attack vector discussed here will be using a Shellshock payload against the server in a virtual environment.
- Covering some key terms and definitions that will be used throughout the paper.
- Understanding different types of SSFR attacks and the scope of information and actions that are available in our proof of concept.
- Setting up the lab and performing the Blind SSRF attack on a vulnerable web application.