juice shop ssrf juice shop ssrf

To exploit the SSRF vulnerability in the Juice Shop, an attacker can send a crafted request to the /api/customers endpoint, including a malicious url parameter. The server will then make a request to the specified URL, allowing the attacker to access sensitive data or bypass security controls.

The Juice Shop is a Node.js-based web application that is intentionally vulnerable to various web application vulnerabilities, including SSRF. The SSRF vulnerability in the Juice Shop is located in the /api/customers endpoint, which allows users to retrieve customer data.

docker run -p 3000:3000 bkimminich/juice-shop Use a tool like curl or a web browser’s developer tools to send a crafted request to the /api/customers endpoint:

Fundamentals More Fundamentals »
Basic Charts More Basic Charts »
Statistical Charts More Statistical Charts »
Scientific Charts More Scientific Charts »
Financial Charts More Financial Charts »
Maps More Maps »
Artificial Intelligence and Machine Learning More AI and ML »
Bioinformatics More Bioinformatics »
More Bioinformatics »
3D Charts More 3D Charts »
Subplots
Jupyter Widgets Interaction
Add Custom Controls
Animations
Advanced
juice shop ssrf