SYM_JSTS_0116 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Server-Side Request Forgery (SSRF)
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-918: Server-Side Request Forgery (SSRF) |
| OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Passing untrusted user input directly to PhantomJS page methods (such as open, setContent, or evaluateJavaScript) lets an attacker control what the server-side browser fetches or executes. Without validating or sanitizing that input before it reaches these methods, the server becomes a proxy for requests chosen by the client.
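The pattern this rule flags, and one way to guard it, as an added example that is not from the Symbiotic database or from PhantomJS itself. It assumes the URL arrives in a request query parameter, that `ALLOWED_HOSTS` is a hypothetical allow-list, and that `page` is the PhantomJS webpage object handed in by the caller.

```javascript
// Hypothetical allow-list of hosts this service is meant to render.
const ALLOWED_HOSTS = new Set(['www.example.com']);

// True for loopback, RFC 1918, link-local and "this network" IPv4 literals.
function isPrivateIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return a === 0 || a === 10 || a === 127 ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) ||
    (a === 169 && b === 254);
}

// Returns a normalized URL string if the input is acceptable, otherwise null.
function validateRenderTarget(raw) {
  let url;
  try { url = new URL(String(raw)); } catch (e) { return null; }
  // Only web schemes: rules out file:, data:, ftp: and friends.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  if (url.username || url.password) return null;
  const host = url.hostname.replace(/^\[|\]$/g, '');
  // Conservative: reject IPv6 literals outright, plus localhost and private IPv4.
  if (host.includes(':') || host === 'localhost' || host.endsWith('.localhost')) return null;
  if (isPrivateIPv4(host)) return null;
  if (!ALLOWED_HOSTS.has(host)) return null;
  return url.href;
}

// Vulnerable handler: the client-supplied URL goes straight into page.open.
function renderUnsafe(page, req) {
  page.open(req.query.url, function () { page.render('out.png'); });
}

// Hardened handler: only validated targets reach page.open; returns false when rejected.
function renderSafe(page, req) {
  const target = validateRenderTarget(req.query.url);
  if (target === null) return false;
  page.open(target, function () { page.render('out.png'); });
  return true;
}
```

The check inspects the literal hostname only; an allow-listed name that resolves to an internal address is not caught here, so the network the PhantomJS process runs in should also be restricted.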
Impact
If exploited, attackers could make your server request internal or external resources, potentially exposing sensitive data, accessing restricted services, or enabling further attacks such as internal network scanning or unauthorized actions on behalf of the server.