Jump to content

Server-side request forgery

From Wikipedia, the free encyclopedia

Server-side request forgery (SSRF) is a type of computer security exploit where an attacker abuses the functionality of a server causing it to access or manipulate information in the realm of that server that would otherwise not be directly accessible to the attacker.[1][2]

Similar to cross-site request forgery which utilizes a web client, for example, a web browser, within the domain as a proxy for attacks; an SSRF attack utilizes a vulnerable server within the domain as a proxy.

If a parameter of a URL is vulnerable to this attack, it is possible an attacker can devise ways to interact with the server directly (via localhost) or with the backend servers that are not accessible by the external users. An attacker can practically scan the entire network and retrieve sensitive information.

Types

[edit]

Basic

[edit]

In this type of attack the response is displayed to the attacker. The server fetches the URL requested by the attacker and sends the response back to the attacker.

Blind

[edit]

In this type of attack the response is not sent back to the attacker. Therefore, the attacker has to devise ways to confirm this vulnerability.

References

[edit]
  1. ^ "The Open Web Application Security Project". OWASP.org. Retrieved 23 July 2018.
  2. ^ "CWE-918: Server-Side Request Forgery (SSRF)". CWE.Mitre.org. Retrieved 4 Oct 2022.