Previous challenge Home
The vulnerability is Server-Side Request Forgery (SSRF)
csharp
using System;
using System.IO;
using System.Net;

namespace SSRF
{
    class Program
    {
        static void Main(string[] args)
        {
            string url = args[0];
            WebClient webClient = new WebClient();
            string result = webClient.DownloadString(url);
            Console.WriteLine(result);
        }
    }
}
vulnerable code
vulnerable code - Use HttpClient instead of WebClient to have better control over the request. - Add a timeout for the request to prevent long-running requests that might be abused. - Validate the provided URL using Uri.TryCreate and only allow HTTP and HTTPS URL schemes to prevent the attacker from sending requests to other schemes like file, ftp, or custom protocols, which might result in potential leakage of sensitive information or other unexpected impacts.
short web application