Request Forgery: kkFileView 4.0.0 - Server-Side Request Forgery

Identifier: kkfileview_ssrf

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

kkFileView 4.0.0 is susceptible to server-side request forgery (SSRF), potentially allowing attackers to make the server send requests to internal services or restricted resources.

How we test: We test for SSRF vulnerabilities in kkFileView by injecting URLs pointing to internal services or our callback server and analyzing responses to detect if requests are made to the specified URLs.

Reference:

Configuration

Example

Example configuration:

---
security_tests:
  kkfileview_ssrf:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.