HTML Injection to blind SSRF testing retrieves only DNS Query
Information Security Asked by None_None on October 28, 2021
I recently came across an application that was vulnerable to HTML injection on the invite function. When I insert <img src="image.jpg"> the image got rendered on the mail I received.
I decided to test for blind ssrf out of band detection, so I gave the payload as <img src=" burp collaborator payload"> and sent the invite. When I analyzed the Burp collaborator I received a DNS Query which was like this below.
I couldn’t get any HTTP request from the server.
Is this vulnerable or not? If not, is there any possible way to escalate or any bypassing methods to get the HTTP request?
Add your own answers!
Ask a Question
Get help from others!
Recent Questions
- How can I transform graph image into a tikzpicture LaTeX code?
- How Do I Get The Ifruit App Off Of Gta 5 / Grand Theft Auto 5
- Iv’e designed a space elevator using a series of lasers. do you know anybody i could submit the designs too that could manufacture the concept and put it to use
- Need help finding a book. Female OP protagonist, magic
- Why is the WWF pending games (“Your turn”) area replaced w/ a column of “Bonus & Reward”gift boxes?
Recent Answers
- Lex on Does Google Analytics track 404 page responses as valid page views?
- Peter Machado on Why fry rice before boiling?
- haakon.io on Why fry rice before boiling?
- Jon Church on Why fry rice before boiling?
- Joshua Engel on Why fry rice before boiling?