A10:2021 | Server Side Request Forgery (1) | Cycubix Docs

Concept

In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources.

The attacker can supply or modify a URL which the code running on the server will read or submit data to. Moreover, by carefully selecting the URLs, the attacker may read server configuration such as AWS metadata, connect to internal services like HTTP enabled databases, or perform post requests towards internal services that are not intended to be exposed.

Goals

In the exercises on the following pages, you need to examine what the browser sends to the server and adjust the request to get other things from the server.

SSRF How-To

https://www.hackerone.com/blog-How-To-Server-Side-Request-Forgery-SSRF

A New Era of SSRF by Orange Tsai

PreviousA10:2021 | Client Side Request Forgery | Cycubix Docs NextA10:2021 | Server Side Request Forgery (2) | Cycubix Docs

Last updated 8 days ago