Server-side request forgery
Type of computer security exploit. From Wikipedia, the free encyclopedia.
Server-side request forgery (SSRF) is a type of computer security exploit in which an attacker abuses the functionality of a server, causing it to access or manipulate information within that server's own network realm that would otherwise not be directly accessible to the attacker.[1][2]
Cross-site request forgery uses a web client within the target domain, for example a web browser, as a proxy for attacks; an SSRF attack similarly uses a vulnerable server within the domain as the proxy.
If a URL parameter is vulnerable to this attack, an attacker may be able to devise ways to interact with the server itself (via localhost) or with backend servers that are not reachable by external users. In practice an attacker can scan the entire internal network and retrieve sensitive information.
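The defensive counterpart to the paragraph above is a fetcher that refuses to follow user-supplied URLs to localhost or to backend addresses. The following is an added example, not code from the Wikipedia article: a Python check that validates the scheme and host of a URL before a server fetches it. The function names (`check_fetch_target`, `is_forbidden_address`), the injectable `resolver` parameter and the sample inputs are assumptions made for this example.

```python
"""Added example (not from the article): a defensive pre-fetch check for a
server-side URL fetcher. It rejects URLs whose scheme is not http(s) and URLs
whose host is, or resolves to, a loopback, private, link-local, unspecified,
multicast or reserved address, so a user-supplied URL cannot be used to reach
the server itself or hosts on its internal network."""
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}


def _resolve_all(host):
    """Resolve a hostname to every address it maps to (uses real DNS)."""
    infos = socket.getaddrinfo(host, None)
    return {info[4][0] for info in infos}


def is_forbidden_address(ip_text):
    """True if the address must never be fetched on a user's behalf:
    loopback (127.0.0.0/8, ::1), private ranges (RFC 1918, IPv6 ULA),
    link-local (169.254.0.0/16, where cloud instance-metadata services
    typically live, and fe80::/10), unspecified (0.0.0.0, ::), multicast
    and reserved space."""
    ip = ipaddress.ip_address(ip_text)
    # An IPv4-mapped IPv6 address (::ffff:10.0.0.1) wraps an IPv4 address;
    # unwrap it so the IPv4 range checks apply.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_unspecified or ip.is_multicast or ip.is_reserved)


def check_fetch_target(url, resolver=_resolve_all):
    """Return (ok, reason) for a URL the server is asked to fetch.

    `resolver` is injectable so the check can run without network access in
    tests (hypothetical parameter for this example). It must return every
    address the host resolves to, because an attacker-controlled name can
    answer with a mix of public and internal addresses."""
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parsed.scheme!r} not allowed"
    host = parsed.hostname
    if not host:
        return False, "no host in URL"
    if parsed.username or parsed.password:
        return False, "credentials in URL not allowed"
    try:
        # IP literal: validate it directly, no DNS lookup needed.
        ipaddress.ip_address(host)
        addresses = {host}
    except ValueError:
        try:
            addresses = resolver(host)
        except OSError as exc:
            return False, f"could not resolve {host!r}: {exc}"
    for addr in addresses:
        try:
            if is_forbidden_address(addr):
                return False, f"{host!r} resolves to forbidden address {addr}"
        except ValueError:
            # e.g. a scoped IPv6 address like fe80::1%eth0; refuse the unknown.
            return False, f"unparseable address {addr!r}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs; the fake resolvers stand in for DNS.
    print(check_fetch_target("http://127.0.0.1:8080/admin"))
    print(check_fetch_target("http://[::ffff:127.0.0.1]/"))
    print(check_fetch_target("file:///etc/passwd"))
    print(check_fetch_target("http://internal.example/",
                             resolver=lambda h: {"10.0.0.5"}))
    print(check_fetch_target("https://example.com/report",
                             resolver=lambda h: {"93.184.216.34"}))
```

Two caveats matter when putting a check like this in front of a real fetcher. First, validating the name and then letting an HTTP library resolve it again opens a window in which the DNS answer can change (DNS rebinding); a production fetcher should connect to the address it validated rather than re-resolve. Second, the fetcher must apply the same check to every redirect it follows, since a permitted public host can redirect to an internal one.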
Types
Basic
In this type of attack, the response is displayed to the attacker: the server fetches the URL requested by the attacker and sends the response back to them.
Blind
In this type of attack, the response is not sent back to the attacker. The attacker therefore has to devise other ways to confirm that the vulnerability exists.