curl -X POST https://juice-shop.local/api/image/uploads \ -H "Content-Type: application/json" \ -d '"url": "http://localhost:3000/this/file/does/not/exist"' Because the server makes the request, the error response might reveal internal paths, but the actual flag is obtained by pointing to:
The critical mistake: . Exploitation: The Juice Shop SSRF Challenge To solve the Juice Shop SSRF challenge (usually titled "Who's the real unicorn?" or "SSRF – Request Bomb"), you must make the server fetch a resource from a location it shouldn't. Step 1: Reconnaissance with Localhost First, test if the server will fetch from localhost . Use Burp Suite or your browser's developer tools to intercept the image upload request.
const dns = require('dns').promises; const ip = await dns.lookup(urlObj.hostname); if (isPrivateIP(ip.address)) throw new Error('Blocked'); The SSRF vulnerability in OWASP Juice Shop is small but elegant. It demonstrates a single line of missing validation leading to a complete breach of network segmentation. For penetration testers, mastering SSRF means understanding that the server is just another user—one with far more privileges.
POST /api/image/uploads HTTP/1.1 Host: juice-shop.local Content-Type: application/json "url": "http://localhost:3000/some/path" juice shop ssrf
gopher://internal-redis:6379/_*2%0d%0a$4%0d%0aINFO%0d%0a This could dump internal databases. Leverage timing attacks. For each port:
Or more classically: The functionality, where you provide a URL to an image of your broken juice. The server tries to fetch that image to validate it. The Vulnerability: Unvalidated URL Fetching Let's look at the pseudo-code of the vulnerable endpoint:
"url": "file:///etc/passwd" Juice Shop's Node.js request module does follow file:// by default, but older urllib or curl wrappers do. Defenses: How to Kill SSRF Juice Shop is vulnerable by design. Here is how to fix it in production: 1. Allowlist, Never Blocklist const ALLOWED_DOMAINS = ['maps.googleapis.com', 'trusted-cdn.com']; const urlObj = new URL(userUrl); if (!ALLOWED_DOMAINS.includes(urlObj.hostname)) return res.status(403).send('Domain not allowed'); curl -X POST https://juice-shop
); );
Inspecting the network traffic reveals that the server makes a backend request to: https://maps.googleapis.com/maps/api/staticmap?center=...
Juice Shop downloads this image server-side and then serves it to the client. The parameter center (the address) is partially user-influenced via the order database. Use Burp Suite or your browser's developer tools
(Note: Exact path varies by version; check the challenge description in Juice Shop). SSRF is rarely an end in itself. In Juice Shop, it's a proof-of-concept, but in real systems, combine SSRF with other vulnerabilities: 1. Cloud Metadata Extraction If Juice Shop were deployed on AWS with a misconfigured IMDSv1:
Introduction: The Silent Proxy Server-Side Request Forgery (SSRF) is often called the "forgotten twin" of Cross-Site Request Forgery (CSRF). While CSRF tricks a user's browser , SSRF tricks the server itself . An SSRF vulnerability allows an attacker to induce the server to make HTTP requests to an arbitrary domain of the attacker's choosing.