CVE-2021-40438
This challenge covers how to trigger a Server-Side Request Forgery by leveraging CVE-2021-40438.
In this challenge, we explore the CVE-2021-40438 vulnerability, which allows an attacker to perform Server-Side Request Forgery (SSRF) by exploiting Apache's mod_proxy module. Specifically, Apache looks for unix: handlers anywhere in the URL, not just at the start, leading to unintended behavior. By crafting a long URL, we can set the UNIX domain socket to null and instruct Apache to load an external URL.
We begin by crafting a URL that tricks Apache into ignoring the unix: handler. This is achieved by inserting a large string of characters, causing Apache to treat the handler as null and move on to the next URL segment. In the lab, this allows us to access services running on localhost, such as a server running on port 1234, and retrieve sensitive information.
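A detection-side view of the behaviour described above, as an added example that is not part of the original challenge text: it scans access-log lines for a unix: handler anywhere in the request target and raises the severity when the URL is also unusually long. The log lines are constructed, and the length threshold and function names are assumptions to tune for your environment.

```python
import re
from urllib.parse import unquote

# Assumed, tunable threshold: request targets longer than this count as padded.
LONG_TARGET = 2048
# Pulls the request target out of a common/combined-format access-log line.
REQUEST_RE = re.compile(r'"(?:[A-Z]+) (\S+) HTTP/[\d.]+"')
UNIX_RE = re.compile(r"unix:", re.IGNORECASE)

def decode_fully(target, rounds=3):
    """Percent-decode repeatedly so unix%3A and unix%253A are also seen."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def classify(log_line):
    """Return 'high', 'review' or None for one access-log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    raw = m.group(1)
    # The handler may sit anywhere in the URL, so search the whole target.
    if not UNIX_RE.search(decode_fully(raw)):
        return None
    # A unix: handler plus heavy padding matches the pattern the page describes.
    return "high" if len(raw) > LONG_TARGET else "review"

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    return [(i, v) for i, line in enumerate(lines, 1) if (v := classify(line))]

# Constructed sample log lines (documentation IP range, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /docs/unix-tools.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:01 +0000] "GET /?unix:' + "A" * 5000 + ' HTTP/1.1" 200 64',
    '192.0.2.12 - - [01/Jan/2024:10:00:02 +0000] "GET /?q=UNIX%3Asock HTTP/1.1" 404 0',
    '192.0.2.13 - - [01/Jan/2024:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for lineno, verdict in scan(SAMPLE_LOG):
        print(f"line {lineno}: {verdict}")
```

A "review" verdict only means the handler string appeared in a request; whether the server was affected depends on its Apache version and mod_proxy configuration.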