Server-Side Request Forgery (SSRF) Flashcards

1
Q

What’s SSRF?

A

SSRF occurs when an attacker is able to make a server-side application send arbitrary requests to other internal or external systems.

2
Q

How can SSRF vulnerabilities be exploited?

A
  1. bypass network security controls
  2. access sensitive data
  3. perform unauthorized actions
  4. conduct attacks against other systems reachable by the targeted server
3
Q

What is the attack process of SSRF?

A
  1. the attacker crafts a malicious request that includes a URL pointing to the targeted system
  2. the URL can be supplied as user input, such as through a form field or query parameter
  3. the server-side application processes the request and sends a request to the specified URL, often without proper validation or sanitization
  4. the targeted system receives the request from the server-side application, which appears to originate from within its trusted network, allowing the attacker to access internal resources or attack other systems
4
Q

What are the potential consequences of SSRF?

A
  • unauthorized access to internal resources or systems
  • data leakage or retrieval of sensitive information
  • attacks against other systems accessible by the targeted server
  • potential for remote code execution or remote command execution
5
Q

How can SSRF be prevented or mitigated?

A
  • Input Validation and Sanitization
  • Whitelisting
  • Network Segmentation
  • Server Configuration
  • Regular Security Testing