Server Side Request Forgery

What is SSRF

Server Side Request Forgery (SSRF): as the name suggests, this vulnerability allows an attacker to make the server-side application send requests to an unintended location.

An attacker may force the server to connect to an arbitrary external system, potentially leaking sensitive data such as authorization credentials.

Impact of SSRF

  • A successful SSRF attack can give the attacker access to data within the organization

  • It can also lead to remote code execution (RCE)

SSRF attacks often exploit trust relationships to escalate an attack from the vulnerable application and perform unauthorized actions. These trust relationships might exist in relation to the server itself, or in relation to other back-end systems within the same organization.
