10 SERVER-SIDE REQUEST FORGERY


A server-side request forgery (SSRF) vulnerability allows an attacker to make a server perform unintended network requests. Like a cross-site request forgery (CSRF) vulnerability, an SSRF abuses another system to perform malicious actions. While a CSRF exploits another user, an SSRF exploits a targeted application server. As with CSRFs, SSRF vulnerabilities can vary in impact and execution methods. However, just because you can make a targeted server send requests to other arbitrary servers doesn’t mean the targeted application is vulnerable. The application may intentionally allow this behavior. For this reason, ...
