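The vulnerability demonstrated below is Server-Side Request Forgery (SSRF): the server fetches whatever URL the client supplies, so the request is made from the server's own network position rather than the client's.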
html
<!--Insert the vulnerable code into a short web application-->

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <title>Web App Example</title>
</head>
<body>
  <!--
    Front end for the SSRF demonstration: the text field below is submitted
    as the "url" query parameter to vulnerable_code.php.
    method="GET" places the submitted value in the request URL.
    type="text" applies no constraint to the value, and a constraint here
    would not be a security control anyway: the request can be sent without
    this form, so all validation has to happen in the server-side handler.
  -->
  <form method="GET" action="vulnerable_code.php">
    <label for="url">Enter URL:</label>
    <input type="text" name="url" id="url">
    <button type="submit">Submit</button>
  </form>
</body>
</html>
php
// vulnerable code

<?php
// Intentionally vulnerable sample: kept as-is to illustrate the flaw.
// The "url" query parameter is taken from the request with no validation
// (and no check that it is present at all).
$url = $_GET['url'];
// file_get_contents() opens whatever the string names. It is not limited to
// http/https: any stream wrapper enabled in PHP is accepted, and the request
// originates from the server, so destinations that are only reachable from
// the server itself are in scope. Redirects are also followed by default.
$content = file_get_contents($url);
// The fetched body is written to the response unescaped, so remote markup is
// rendered in this application's origin (a second, separate problem: XSS).
echo $content;
?>
php
// solution how to fix the vulnerable code

<?php
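/**
 * Collect the IP addresses that a URL host maps to.
 *
 * An IP literal is returned as-is (IPv6 brackets stripped). Any other host
 * is resolved: A records through gethostbynamel(), AAAA records through
 * dns_get_record() when that function is available.
 *
 * @param string $host Host component as returned by parse_url().
 * @return array List of IP address strings; empty when nothing resolves.
 */
function _url_host_addresses($host) {
    // parse_url() keeps the square brackets around IPv6 literals.
    $bare = trim($host, '[]');
    if (filter_var($bare, FILTER_VALIDATE_IP) !== false) {
        return array($bare);
    }

    $addresses = array();

    $ipv4 = gethostbynamel($host);
    if ($ipv4 !== false) {
        $addresses = $ipv4;
    }

    if (function_exists('dns_get_record')) {
        // dns_get_record() raises a warning on lookup failure; the empty
        // result is handled by the caller, so the warning is suppressed.
        $records = @dns_get_record($host, DNS_AAAA);
        if (is_array($records)) {
            foreach ($records as $record) {
                if (isset($record['ipv6'])) {
                    $addresses[] = $record['ipv6'];
                }
            }
        }
    }

    return $addresses;
}

/**
 * Decide whether a user-supplied URL may be fetched by the server.
 *
 * Accepts only http/https URLs whose host maps exclusively to public
 * addresses. The decision is made on the addresses the host resolves to,
 * not on the host string, because comparing against 'localhost' and
 * '127.0.0.1' alone misses the rest of the loopback range, private and
 * link-local ranges, IPv6 loopback, and names that point at such addresses.
 *
 * Limits a caller still has to cover:
 *  - The HTTP client resolves the name again when it connects, so the
 *    address checked here is not guaranteed to be the address contacted.
 *    Where that matters, connect to the vetted address directly or send
 *    outbound requests through an egress proxy / firewall policy.
 *  - A permitted server can answer with a redirect to a forbidden address;
 *    the fetch should not follow redirects without re-validating each hop.
 *  - FILTER_FLAG_NO_PRIV_RANGE / FILTER_FLAG_NO_RES_RANGE cover the ranges
 *    PHP defines; add deployment-specific ranges if the environment has
 *    other internal address space. An allowlist of expected hosts is
 *    stronger than any denylist when the set of destinations is known.
 *
 * @param mixed $url Candidate URL, normally taken from request input.
 * @return bool True when the URL passes every check, false otherwise
 *              (including when the host does not resolve).
 */
function is_valid_url($url) {
    if (!is_string($url) || filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }

    $parsed_url = parse_url($url);
    if ($parsed_url === false || empty($parsed_url['scheme']) || empty($parsed_url['host'])) {
        return false;
    }

    // Schemes are case-insensitive; compare a normalised copy.
    $scheme = strtolower($parsed_url['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return false;
    }

    // Normalise case and a trailing root dot before comparing names.
    $host = strtolower(rtrim($parsed_url['host'], '.'));
    if ($host === '' || $host === 'localhost' || substr($host, -10) === '.localhost') {
        return false;
    }

    $addresses = _url_host_addresses($host);
    if (count($addresses) === 0) {
        // Fail closed: a host that cannot be resolved cannot be vetted.
        return false;
    }

    // Every address must be public; one internal address rejects the URL.
    foreach ($addresses as $ip) {
        $public = filter_var(
            $ip,
            FILTER_VALIDATE_IP,
            FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
        );
        if ($public === false) {
            return false;
        }
    }

    return true;
}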

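// Entry point: fetch a user-supplied URL only after is_valid_url() accepts it.

// The parameter may be absent or sent as an array (?url[]=...); treat both
// as invalid instead of passing null/array into the validator and the fetch.
$url = (isset($_GET['url']) && is_string($_GET['url'])) ? $_GET['url'] : '';

if ($url !== '' && is_valid_url($url)) {
    // is_valid_url() only sees the URL as submitted. A redirect target would
    // never pass through that check, so redirect following is turned off.
    // The timeout and the length cap bound how long and how much the server
    // will read on behalf of a client. The 'http' options also apply to https.
    $context = stream_context_create(array(
        'http' => array(
            'follow_location' => 0,
            'timeout' => 5,
        ),
    ));

    // Warnings are suppressed so connection details are not written into
    // the response; failure is detected through the false return value.
    $content = @file_get_contents($url, false, $context, 0, 1048576);

    if ($content === false) {
        echo "Could not retrieve URL";
    } else {
        // Remote content is untrusted: escape it so it is displayed as text
        // rather than interpreted as markup in this application's origin.
        echo htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
} else {
    echo "Invalid URL";
}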