Reverse proxy misrouting

Description
  • A reverse proxy or the web application uses values from an HTTP request to route the request, which leads to an SSRF vulnerability. SSRF (Server-Side Request Forgery) is a vulnerability that allows an attacker to force a server into sending packets to the local interface or to another server behind the firewall. Consult Web References for more information about this problem. This script could generate false positive alerts if the scanner is configured to use an HTTP proxy.
Remediation
  • Properly sanitize user requests or use a special sandboxed host to route requests to remote resources.
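
One way to apply the first remediation, shown as an added example rather than code from the original page: the proxy looks up the upstream in a fixed table and never connects to an address taken from the request. The host names, upstream addresses and the names `UPSTREAMS`, `normalize_host`, `select_upstream` and `RouteRejected` are assumptions made for this sketch.

```python
# Constructed routing table: public host name -> fixed upstream address.
# Names and addresses are assumptions for this example.
UPSTREAMS = {
    "www.example.test": ("10.0.0.10", 8080),
    "api.example.test": ("10.0.0.20", 8080),
}


class RouteRejected(Exception):
    """Raised when a request must not be forwarded."""


def normalize_host(value):
    """Return the lowercase host name without port, or raise RouteRejected."""
    # Reject empty values and characters that let a parser see a different
    # authority than the one checked here (userinfo, path, whitespace).
    if not value or any(c in value for c in "@/\\?# \t\r\n"):
        raise RouteRejected("malformed Host value: %r" % value)
    host = value.lower()
    if host.startswith("["):
        raise RouteRejected("IP literals are not routed")
    host, _, port = host.partition(":")
    if port and not port.isdigit():
        raise RouteRejected("malformed port in Host value: %r" % value)
    return host.rstrip(".")


def select_upstream(request_target, host_header):
    """Choose the upstream from the fixed table only."""
    # An absolute-form target (GET http://host/path) carries its own
    # authority; refuse it instead of letting it steer the connection.
    if not request_target.startswith("/"):
        raise RouteRejected("only origin-form request targets are accepted")
    host = normalize_host(host_header)
    try:
        return UPSTREAMS[host]
    except KeyError:
        # Unknown names, loopback and raw IP addresses all end up here.
        raise RouteRejected("no route for host: %r" % host) from None


if __name__ == "__main__":
    # Constructed sample requests: (request target, Host header).
    for target, host in [("/index.html", "www.example.test"),
                         ("http://127.0.0.1/", "www.example.test"),
                         ("/", "127.0.0.1")]:
        try:
            print(target, host, "->", select_upstream(target, host))
        except RouteRejected as exc:
            print(target, host, "-> rejected:", exc)
```
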
References