What is a Server Side Request Forgery attack?
Server-Side Request Forgery, also known as SSRF, refers to an attack that lets an attacker send crafted requests from the back-end server of a vulnerable web application.
SSRF is commonly used by attackers to target internal networks that sit behind firewalls and cannot be reached from the external network.
If the user-supplied URL is processed and the back-end response is not sanitized, the attack can lead to several impacts.
How is an SSRF Vulnerability Exploited?
There are two ways in which an SSRF vulnerability is usually exploited:
Trying to access or load sensitive content from the server. This test covers local and remote file inclusion.
Trying to abuse a trust relationship that often emerges when the application server connects to back-end systems with private, non-routable IP addresses that are therefore mostly off-limits to public users.
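The check below is an added example, not code from this post or the linked article: it shows the validation a URL-fetching endpoint needs so that a user-supplied URL cannot be turned into a request to the internal, non-routable hosts described above. The hostnames, addresses and the fake_resolver are constructed so it runs offline; the function names are hypothetical.

```python
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}

# Constructed DNS table standing in for socket.getaddrinfo, so the example
# runs offline; the names and addresses are made up for this illustration.
CONSTRUCTED_DNS = {
    "www.example.com": ["93.184.216.34"],
    "intranet.example": ["10.0.0.5"],                 # private RFC 1918 address
    "linklocal.example": ["169.254.10.10"],           # link-local address
    "dual.example": ["93.184.216.34", "127.0.0.1"],   # one public, one loopback
}

def fake_resolver(host, port, proto=0):
    # Mimics getaddrinfo's return shape: (family, type, proto, canonname, sockaddr).
    if host not in CONSTRUCTED_DNS:
        raise socket.gaierror(f"unknown host {host}")
    return [(socket.AF_INET, socket.SOCK_STREAM, proto, "", (ip, port))
            for ip in CONSTRUCTED_DNS[host]]

def is_public_address(ip: str) -> bool:
    # Block loopback, private, link-local, multicast, reserved and 0.0.0.0.
    a = ipaddress.ip_address(ip)
    return not (a.is_private or a.is_loopback or a.is_link_local
                or a.is_multicast or a.is_reserved or a.is_unspecified)

def check_outbound_url(user_url: str, resolver=socket.getaddrinfo):
    """Return (True, ip) if the server may fetch user_url, else (False, reason).
    A vulnerable fetcher skips this and connects to whatever host the URL names.
    Callers should connect to the returned IP (keeping the original Host header)
    rather than re-resolving, to avoid DNS rebinding between check and use."""
    parts = urlparse(user_url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    port = parts.port or (443 if parts.scheme == "https" else 80)
    try:
        infos = resolver(parts.hostname, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror as exc:
        return False, f"cannot resolve host: {exc}"
    ips = sorted({info[4][0] for info in infos})   # every address must pass
    for ip in ips:
        if not is_public_address(ip):
            return False, f"host resolves to non-public address {ip}"
    return True, ips[0]
```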
A more detailed version, covering the impact and how you can prevent SSRF attacks, is published at https://beaglesecurity.com/blog/article/server-side-request-forgery-attack.html