Server-side Request Forgery
Server-side request forgery (SSRF) is a type of computer security exploit where an attacker abuses the functionality of a server, causing it to access or manipulate information in the realm of that server that would otherwise not be directly accessible to the attacker. Similar to cross-site request forgery, which utilizes a web client, for example a web browser, within the domain as a proxy for attacks, an SSRF attack utilizes a vulnerable server within the domain as a proxy. If a parameter of a URL is vulnerable to this attack, it is possible an attacker can devise ways to interact with the server directly (i.e. via 127.0.0.1 or localhost) or with backend servers that are not accessible to external users. An attacker can practically scan the entire network and retrieve sensitive information.
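The paragraph above describes the root cause: the server fetches a URL taken from a request parameter, so a loopback or internal address is accepted like any other. The following is an added example, not code from the article, showing that pattern next to a hardened fetcher that allowlists the scheme and port, resolves the hostname, rejects the URL if any resolved address is loopback, private, link-local or otherwise non-routable, and then connects to the IP it checked rather than to the name. All function names, the ALLOWED_SCHEMES/ALLOWED_PORTS policy and the CONSTRUCTED_DNS table are assumptions made for the example; the constructed resolver stands in for real DNS so the code runs offline.

```python
import ipaddress
import socket
from http.client import HTTPConnection
from urllib.parse import urlsplit

# Fetch policy (constructed for this example): plain web URLs on standard ports only.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


class SSRFBlocked(ValueError):
    """Raised when a user-supplied URL would make the server contact a forbidden target."""


def vulnerable_fetch(url: str) -> bytes:
    """The pattern the article describes: the server fetches whatever URL it was handed,
    so 127.0.0.1, localhost or an internal backend name is accepted as-is.
    Kept only for contrast; never called by the checks below."""
    from urllib.request import urlopen
    return urlopen(url).read()


def is_forbidden_address(ip) -> bool:
    """True for any address the server must not be steered into contacting."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # classify ::ffff:127.0.0.1 as 127.0.0.1
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def system_resolver(host: str) -> list:
    """Default resolver: every address the OS returns for the name."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


# Constructed DNS view used instead of real lookups so the example runs offline.
CONSTRUCTED_DNS = {
    "example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1", "::1"],
    "intranet.local": ["10.0.0.5"],
    "dual.example": ["93.184.216.34", "10.0.0.5"],  # one public and one internal record
}


def constructed_resolver(host: str) -> list:
    try:
        return [str(ipaddress.ip_address(host))]  # a literal IP resolves to itself
    except ValueError:
        pass
    if host not in CONSTRUCTED_DNS:
        raise socket.gaierror(f"constructed resolver: unknown host {host!r}")
    return list(CONSTRUCTED_DNS[host])


def validate_target(url: str, resolver=system_resolver) -> tuple:
    """Return (host, pinned_ip, port) if the URL may be fetched, else raise SSRFBlocked."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise SSRFBlocked(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise SSRFBlocked("credentials in URL are not allowed")
    host = parts.hostname
    if not host:
        raise SSRFBlocked("missing host")
    try:
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError as exc:
        raise SSRFBlocked(f"bad port: {exc}")
    if port not in ALLOWED_PORTS:
        raise SSRFBlocked(f"port not allowed: {port}")
    # Check every address the name maps to: a name with one public and one
    # internal record must fail, not pass on whichever record comes first.
    try:
        addrs = [ipaddress.ip_address(a) for a in resolver(host)]
    except (socket.gaierror, ValueError) as exc:
        raise SSRFBlocked(f"cannot resolve {host!r}: {exc}")
    if not addrs:
        raise SSRFBlocked(f"no address for {host!r}")
    for ip in addrs:
        if is_forbidden_address(ip):
            raise SSRFBlocked(f"{host!r} resolves to forbidden address {ip}")
    return host, str(addrs[0]), port


def is_fetchable(url: str, resolver=system_resolver) -> bool:
    try:
        validate_target(url, resolver)
        return True
    except SSRFBlocked:
        return False


def hardened_fetch(url: str, resolver=system_resolver) -> bytes:
    """Fetch a plain-http URL after validation, connecting to the IP that was checked.
    Reconnecting by name would let a DNS answer that changes between check and use
    redirect the request; for https the same idea needs an SSL context with server_hostname=host."""
    host, ip, port = validate_target(url, resolver)
    if urlsplit(url).scheme != "http":
        raise SSRFBlocked("this illustration pins plain http connections only")
    conn = HTTPConnection(ip, port, timeout=5)
    conn.request("GET", urlsplit(url).path or "/", headers={"Host": host})
    resp = conn.getresponse()
    # http.client does not follow redirects; a 3xx Location must be re-validated, not followed blindly.
    if 300 <= resp.status < 400:
        raise SSRFBlocked(f"redirect to {resp.getheader('Location')!r} not followed")
    return resp.read()
```

The validation runs against every address a name resolves to, and the connection is made to the address that passed, which closes the gap between checking a name and connecting to it. Redirects are deliberately not followed, since a permitted external host can otherwise answer with a Location pointing back at an internal address.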


Types


Basic

In this type of attack, the response is displayed to the attacker. The server fetches the URL requested by the attacker and sends the response back to the attacker.


Blind

In this type of attack, the response is not sent back to the attacker. Therefore, the attacker has to devise ways to confirm this vulnerability.
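Whether the response reaches the attacker (basic) or not (blind), the server itself made the outbound request, so an application's log of the URLs it fetches records both kinds. The following is an added example, not part of the article, that runs a small detector over a constructed log: it flags fetches aimed at loopback, private, link-local or localhost destinations and reports clients that drove the server to several distinct internal hosts, the scanning behaviour the article mentions. The log format (client= and url= fields), the function names and the threshold are assumptions made for the example; hostnames that are not literal addresses are treated as external because nothing is resolved offline.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed outbound-request log: each line records the end user who triggered
# the fetch (client=), the URL the server fetched, and what the server got back.
CONSTRUCTED_LOG = """\
2024-05-01T12:00:01Z client=198.51.100.7 url=http://example.com/status result=200
2024-05-01T12:00:02Z client=198.51.100.7 url=http://127.0.0.1:8080/admin result=403
2024-05-01T12:00:03Z client=198.51.100.9 url=http://10.0.0.1/ result=timeout
2024-05-01T12:00:04Z client=198.51.100.9 url=http://10.0.0.2/ result=timeout
2024-05-01T12:00:05Z client=198.51.100.9 url=http://10.0.0.3/ result=200
2024-05-01T12:00:06Z client=198.51.100.9 url=http://10.0.0.4/ result=timeout
2024-05-01T12:00:07Z client=203.0.113.5 url=https://example.org/feed result=200
2024-05-01T12:00:08Z client=203.0.113.5 url=http://localhost/health result=200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) url=(?P<url>\S+) result=(?P<result>\S+)$"
)


def is_internal_host(host: str) -> bool:
    """'localhost' or a literal loopback/private/link-local address."""
    if host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a name we cannot resolve offline; treated as external here
    return ip.is_loopback or ip.is_private or ip.is_link_local


def parse_log(text: str) -> list:
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: skip it rather than stop the detector
        ev = m.groupdict()
        ev["host"] = urlsplit(ev["url"]).hostname or ""
        events.append(ev)
    return events


def detect_ssrf(text: str, scan_threshold: int = 3) -> dict:
    """Return server-side fetches aimed at internal hosts and the clients that
    reached at least scan_threshold distinct internal hosts. A blind SSRF shows
    up here even though the attacker never saw the response: the result column
    (200 vs timeout) is exactly the liveness signal the server leaked internally."""
    internal = []
    hosts_per_client = defaultdict(set)
    for ev in parse_log(text):
        if is_internal_host(ev["host"]):
            internal.append((ev["ts"], ev["client"], ev["url"], ev["result"]))
            hosts_per_client[ev["client"]].add(ev["host"])
    scanners = sorted(c for c, hosts in hosts_per_client.items() if len(hosts) >= scan_threshold)
    return {"internal_fetches": internal, "scan_suspects": scanners}


if __name__ == "__main__":
    report = detect_ssrf(CONSTRUCTED_LOG)
    for ts, client, url, result in report["internal_fetches"]:
        print(f"{ts} internal fetch for client {client}: {url} -> {result}")
    print("scan suspects:", report["scan_suspects"])
```

Logging the fetched URL together with the client that triggered it is what makes the blind case visible at all; without that correlation an internal timeout looks like an ordinary network error.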

