Restrict SSRF Regexes

2023-03-07 17:37:30 +01:00 · 2023-03-07 17:37:30 +01:00 · cbf2e153d9
commit cbf2e153d9
parent 0795ff0fc5
2 changed files with 3 additions and 3 deletions
--- a/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask1.java
+++ b/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask1.java
@ -44,12 +44,12 @@ public class SSRFTask1 extends AssignmentEndpoint {
    try {
      StringBuilder html = new StringBuilder();

-      if (url.matches("images/tom.png")) {
+      if (url.matches("images/tom\\.png")) {
        html.append(
            "<img class=\"image\" alt=\"Tom\" src=\"images/tom.png\" width=\"25%\""
                + " height=\"25%\">");
        return failed(this).feedback("ssrf.tom").output(html.toString()).build();
-      } else if (url.matches("images/jerry.png")) {
+      } else if (url.matches("images/jerry\\.png")) {
        html.append(
            "<img class=\"image\" alt=\"Jerry\" src=\"images/jerry.png\" width=\"25%\""
                + " height=\"25%\">");
--- a/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java
+++ b/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java
@ -46,7 +46,7 @@ public class SSRFTask2 extends AssignmentEndpoint {
  }

  protected AttackResult furBall(String url) {
-    if (url.matches("http://ifconfig.pro")) {
+    if (url.matches("http://ifconfig\\.pro")) {
      String html;
      try (InputStream in = new URL(url).openStream()) {
        html =