Property
Language: javascript
Severity: low
CWE: CWE-918: Server-Side Request Forgery (SSRF)
OWASP: A10:2021 - Server-Side Request Forgery (SSRF)
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

Passing untrusted user input directly to PhantomJS page methods (like open, setContent, or evaluateJavaScript) can allow attackers to control what the server accesses or executes. Without proper validation or sanitization, this creates a security risk.
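One way to guard the `open` case is an allowlist check before the value reaches the page object. This is an added example, not code from the rule or from PhantomJS; the host names, `validateTarget` and `openValidated` are hypothetical, and `page` is assumed to be any page object exposing `open(url)`.

```javascript
'use strict';

// Constructed allowlist: the only hosts this service is expected to render.
const ALLOWED_HOSTS = new Set(['reports.example.com', 'static.example.com']);
const ALLOWED_PROTOCOLS = new Set(['https:']);

// Returns the normalized URL string if the target is permitted, otherwise null.
function validateTarget(rawUrl) {
  if (typeof rawUrl !== 'string') return null;
  let url;
  try {
    url = new URL(rawUrl); // absolute URLs only; relative input throws
  } catch (err) {
    return null;
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null; // rejects file:, http:, data:, ...
  if (url.username || url.password) return null;         // rejects user@host confusion
  if (url.port !== '') return null;                       // default port only
  if (!ALLOWED_HOSTS.has(url.hostname)) return null;      // exact match, no suffix matching
  return url.href;
}

// Flagged pattern: page.open(req.query.url)
// Guarded form: validate first and pass on only the normalized value.
// Redirects and subresources loaded by the rendered page are not covered by
// this check; restrict the renderer's network egress separately.
function openValidated(page, rawUrl) {
  const target = validateTarget(rawUrl);
  if (target === null) {
    return Promise.reject(new Error('target URL not permitted'));
  }
  return Promise.resolve(page.open(target));
}
```

The same principle applies to `setContent` and `evaluateJavaScript`: pass fixed templates or server-side constants, not request data.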

Impact

If exploited, attackers could make your server request internal or external resources, potentially exposing sensitive data, accessing restricted services, or enabling further attacks such as internal network scanning or unauthorized actions on behalf of the server.