Open Redirect Vulnerability:
Open redirect is a security flaw in an app or a web page that causes it to fail to properly authenticate URLs.
When apps and web pages have requests for URLs, they are supposed to verify that those URLs are part of the intended page’s domain. Open redirect is a failure in that process that makes it possible for attackers to steer users to malicious third-party websites. Sites or apps that fail to authenticate URLs can become a vector for malicious redirects to convincing fake sites for identity theft or sites that install malware.
XML-RPC:
It's remote procedure calling using HTTP as the transport and XML as the encoding. XML-RPC is designed to be as simple as possible, while allowing complex data structures to be transmitted, processed and returned.
SSRF:
In a SSRF attack the attacker can change a parameter used on the web application to create or control requests from the vulnerable server.
Since the attacker cannot send direct requests to the victim’s server, because they are blocked by a firewall, to scan an internal network the attacker has to:
- Send a request to the vulnerable web server that abuses the SSRF vulnerability.
- The web server makes a request to the victim’s server which sits behind the firewall.
- The victim’s server responds with the data.
- If the specific SSRF vulnerability permits it, the data is sent back to the attacker.
When information in a web application has to be retrieved from an external resource, which could also be internal services, such as a RSS feed from another website, server side requests are used to fetch the resource and include it in the web application. For example, a developer can use a URL such as https://example.com/feed.php?url=externalsite.com/feed/ to retrieve the remote feed. If the attacker is able to change the url parameter to localhost, then he is able to view local resources hosted on the server, making it vulnerable to Server Side Request Forgery.
Detecting SSRF: In order to detect Server-Side Request Forgery (SSRF) automatically, we’ll need to rely on an intermediary service since the detection of such a vulnerability requires an out-of-band and time-delay vector.
DDoS attack:
With the first data and a list of Liferay sites exist SSRF/XML-RPC vulnerability is placed in the zombie.txt directory.
The tool in python uses Multithread to continuously post an xml code to send the request to the Ddos object for each source url.
Requires Python 2.7
Modules require:
pip install scapy
pip install requests
python liferay.py -u <url> -l zombie.txt
Enter! and DDoS attack has been started!
To view the map of the address of the attack, we use Ufonet by copying the ip addresses into the MapAttack folder
Require:
pip install tornado
pip install pyjade
pip install geoip2
Change the absolute path to the MapAttack directory at the webroot variable (line 35, 36 and 39) in the server.py file
Run with: python server.py
Then, access to address http://127.0.0.1:8080/
Get tool Here.
