What is SSRF (Server-Side Request Forgery)?
Server-Side Request Forgery (SSRF) is a web vulnerability where attackers trick a server into making unauthorized requests to internal or external systems.
How Does It Work?
An attacker sends a malicious URL in a request that the server processes as legitimate. The server then makes the request on the attacker’s behalf.
Example:
A shopping app checks stock by making a backend API request:
POST /product/stock
stockApi=http://stock.server.com/check?productId=6&storeId=1
An attacker modifies the URL to point to the server's admin page:
POST /product/stock
stockApi=http://localhost/admin
The server fetches and returns restricted admin data, bypassing access controls.
Why Does This Happen?
- Access Control Gaps: Checks are skipped for local requests.
- Recovery Features: Admin access is granted to local users without authentication.
- Hidden Interfaces: Admin tools on separate ports trust local machine requests.
Protect Against SSRF
- Validate and sanitize input URLs.
- Use URL whitelists.
- Restrict internal service access.
SSRF can be critical, but good design and input validation can prevent it.
Acknowledgment: This document references information from PortSwigger Web Security and ChatGPT.