DEV Community

sanjanashetty16

Server Side Request Forgery Attack

What is a Server Side Request Forgery attack?

Server-Side Request Forgery, also known as SSRF, is an attack that lets an attacker send crafted requests from the back-end server of a vulnerable web application.
Attackers commonly use SSRF to target internal networks that sit behind firewalls and cannot be reached from the external network.

If the application processes a user-supplied URL and does not sanitize the back-end response, the attack can have several impacts.

How is an SSRF Vulnerability Exploited?

There are 2 ways by which an SSRF vulnerability is usually exploited:

  1. Trying to access or load sensitive content from the server. This tests for local and remote file inclusion.

  2. Trying to abuse a trust relationship, which often emerges when the application server connects with back-end systems that have private, non-routable IP addresses and are mostly off-limits to public users.

A more detailed version along with the impact and how you can prevent the SSRF attack is published at https://beaglesecurity.com/blog/article/server-side-request-forgery-attack.html
