Blind SSRF exploitation


A web server have a 'Content fetch proxy serve’r which is programed to fetch user profile pic images from S3 bucket while saving image url but if I change the default url by my server Domain the content fetch proxy server try to fetch things from my server.

I can make Content fetch proxy server to fetch anything from open internet and my server.

I don’t see this as any security risk but, can I do anything with it by making it as Blind ssrf. (I can’t see any response on client side)


Any suggestion please

Hi @Lethal.
Do you have access to the content fetched by the application? Because if it is used for changing the profile picture then I guess you can access the content.

yes, i can fetch only jpg files of specific size ,and that set on thumbnails .so basically i can fetch files and store it on main web app server.

Did you find any way to trick the application in fetching any file? Because sometimes you can get other files just adding .jpg at the end of the URL or things like that.

Not possible, i tried many way to call different extension files and manipulate request .
the main functionality only accept .jpg files. .
And i would like to tell you that report marked as a duplicate ,and it also fixed now .
but still i would like to hear other possible ways to exploit this if you have any.
Thank you for support.