10 SERVER-SIDE REQUEST FORGERY


A server-side request forgery (SSRF) vulnerability allows an attacker to make a server perform unintended network requests. Like a cross-site request forgery (CSRF) vulnerability, an SSRF abuses another system to perform malicious actions. While a CSRF exploits another user, an SSRF exploits a targeted application server. As with CSRFs, SSRF vulnerabilities can vary in impact and execution methods. However, just because you can make a targeted server send requests to other arbitrary servers doesn’t mean the targeted application is vulnerable. The application may intentionally allow this behavior. For this reason, ...

Get Real-World Bug Hunting now with the O’Reilly learning platform.
