TransWikia.com

HTML Injection to blind SSRF testing retrieves only DNS Query

Information Security Asked by None_None on October 28, 2021

I recently came across an application that was vulnerable to HTML injection in the invite function. When I inserted <img src="image.jpg">, the image got rendered in the mail I received.

I decided to test for blind SSRF using out-of-band detection, so I gave the payload as <img src=" burp collaborator payload"> and sent the invite. When I analyzed Burp Collaborator, I received a DNS query, which was like this below.

I couldn’t get any HTTP request from the server.

Is this vulnerable or not? If not, is there any possible way to escalate or any bypassing methods to get the HTTP request?
