Security Lab Enhancement : SSRF Bypass Challenge

Controllers/HomeController.cs

@@ -358,16 +358,34 @@ public IActionResult SSRF()
     }
 
     [HttpPost]
-    public async Task<IActionResult> SSRF(string targetUrl)
+public async Task<IActionResult> SSRF(string targetUrl)
+{
+    // Define a whitelist of allowed domains
+    var allowedHosts = new[] { "example.com", "api.example.com" };
+
+    try
     {
-        using var http = new HttpClient();
+        // Parse the target URL
+        var uri = new Uri(targetUrl);
+
+        // Check if the host is in the whitelist
+        if (!allowedHosts.Contains(uri.Host))
+        {
+            return BadRequest("The specified URL is not allowed.");
+        }
 
-        // Vulnerable as the targetUrl is not whitelisted
+        using var http = new HttpClient();
         var response = await http.GetStringAsync(targetUrl);
         ViewData["Response"] = response;
 
         return View();
     }
+    catch (Exception ex)
+    {
+        // Handle invalid URLs or other exceptions
+        return BadRequest($"Error: {ex.Message}");
+    }
+}
 
     [HttpGet]
     // Vulnerable as the X-Forwarded-Host is not taken into account for the Cache Key

Views/Home/CommandInjection.cshtml

@@ -96,7 +96,7 @@
     <!-- Diff Modal -->
     <div id="diffModal" class="diff-modal">
     <div class="diff-content">
-        <h3>✅ Secure Version (.NET DNS API only)</h3>
+        <h3>✅ Secure Version </h3>
 
         <div class="diff-line removed">- args = $"/c nslookup &#123;domain&#125;";</div>
         <div class="diff-line removed">- args = $"-c &quot;nslookup &#123;domain&#125;&quot;";</div>