Server-side request forgery

What is SSRF?

Server-side request forgery is a web security vulnerability that allows an attacker to cause the server-side application to make requests to an unintended location.

In a typical SSRF attack, the attacker might cause the server to make a connection to internal-only services within the organization's infrastructure. In other cases, they may be able to force the server to connect to arbitrary external systems. This could leak sensitive data, such as authorization credentials.

Bypass filtering:

<div class="col-xs-4">
    <div class="avatar-image" style="background-image: url('/assets/avatars/5.png')"></div>
    <input type="radio" name="avatar" value="exploit">
</div>
                                

SSRF attacks against the server

🧪Lab: Basic SSRF against the local server

SSRF attacks against other back-end systems

🧪Lab: Basic SSRF against another back-end system