This story will explain how to find and exploit SpEL parser in web applications based on Java language. What is SpEL ? From Spring documentation: The Spring Expression Language (SpEL for short) is a powerful expression language that supports querying and manipulating an object graph at runtime.
This is last part of my stories about exploiting service with SSRF bug. Part 1 is available here, and part 2 here. This part is focused on abusing Node.js and node-fetch library. I will try to “talk” with Redis service using CRLF injection in http parser.
In test of one application I have encountered bug in regex that leaded to Server Side Request Forgery (SSRF). Way of finding it was huge fun and excitement. It was also my first bug on production system ever.