SSRF

SSRF stands for Server-Side Request Forgery. These attacks can lead to exfiltration of sensitive data, counterfeit requests, and denial of service. An SSRF attack can induce an application to make requests to a malicious URL. This type of attack involves defining an external entity with the target URL and then using that entity in the response’s data value. This can allow the attacker to view responses from the URL and interact with the back end. An SSRF attack can cause the server to make a connection within the internal infrastructure, or force a connection to arbitrary external systems to leak credentials.[^1] For example, a POST request can be made with the API address set to something like `http://localhost/admin`.[^1] SSRFs can also be used to manipulate user deletion logic.[^1] SSRFs can allow threat actors to map networks, identify vulnerable services, and steal credentials. SSRF can access sensitive cloud metadata services from within a server. Internal IP addresses that may be vulnerable to SSRF are 127.0.0.1, 10.x.x.x, 192.168.x.x, and 169.254.x.x.
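A server-side destination check built around the internal ranges listed above, as an added example (not from the cited source). The function names and the offline resolver table are hypothetical, and 172.16.0.0/12 and ::1 are included beyond the ranges in this note.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Ranges listed in the note, plus 172.16.0.0/12 and ::1 (added here, not in the note).
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "192.168.0.0/16", "169.254.0.0/16",
    "172.16.0.0/12", "::1/128",
)]

def dns_resolver(host):
    """Default resolver: every address the name maps to (performs real DNS)."""
    return [info[4][0].split("%")[0] for info in socket.getaddrinfo(host, None)]

def is_internal(addr):
    """True if addr (a string) is in a blocked range, unwrapping ::ffff:a.b.c.d."""
    ip = ipaddress.ip_address(addr)
    ip = getattr(ip, "ipv4_mapped", None) or ip
    return any(ip in net for net in BLOCKED_NETS)

def check_outbound_url(url, resolver=dns_resolver):
    """Return (allowed, reason) for a user-supplied URL the server would fetch."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme not in ("http", "https") or not host:
        return False, "scheme or host not allowed"
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal IP in the URL
    except ValueError:
        try:
            addrs = resolver(host)  # hostname: judge it by what it resolves to
        except OSError:
            return False, "resolution failed"
    if not addrs:
        return False, "no addresses"
    for addr in addrs:  # one internal answer is enough to refuse
        if is_internal(addr):
            return False, f"{host} -> {addr} is internal"
    return True, "ok"

# Constructed resolver table so the example runs offline (names and IPs are made up).
FAKE_DNS = {"localhost": ["127.0.0.1"], "api.example.com": ["93.184.216.34"],
            "mixed.example.net": ["93.184.216.34", "10.0.0.5"]}

def fake_resolver(host):
    return FAKE_DNS.get(host, [])
```

The check is only as good as the fetch that follows it: the HTTP client should connect to the address that was validated and re-run the check on every redirect, otherwise a second DNS lookup can return a different answer.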

[[XXE]] – can be used for an SSRF
[[SSRG]] – blind attack
[[XXE-Based SSRF]]
[[Capital One Breach]] – used an SSRF
[[Vulnerability Chaining]] – when an SSRF is combined with something else, it can have a very high severity
[[Cloud Platform Security]] – can use an SSRF to access the internal webserver for EC2 instances
[[Rockwell Automation Thin Manager Vulnerability]] – SSRF

Backlinks

[[API Vulnerabilities]]
[[Bug Bounty Target Checklist]]
[[Denial of Service Attack]]
[[DoS]]
[[HTTP]]
IP Addresses
[[Vulnerability Classes]]

Sources

[^1]: Site_PortSwigger