Server-Side Request Forgery (SSRF) on browsershot

Server-Side Request Forgery (SSRF) on browsershot.md

Name: Server-Side Request Forgery (SSRF) on spatie/browsershot

Affected Project: spatie/browsershot

Github Repo: https://github.com/spatie/browsershot

Version: 5.0.3

Payloads:

http(s)://localhost:{PORT}

http(s)://127.0.0.1:{PORT}

http(s)://0.0.0.0:{PORT}

Attack Demonstration (POC)

1. Prepare the script and setup a webserver

2. Launch the script and result