SSRF

Server-Side Request Forgery (SSRF) is a vulnerability where an attacker tricks a web server into making unauthorized requests, often by manipulating user-supplied URLs. This can allow access to internal systems, bypass firewalls, and expose sensitive data.

The following URL schemes are commonly used when exploiting SSRF vulnerabilities:

  • http:// and https://: These URL schemes fetch content via HTTP/S requests. An attacker might use them when exploiting SSRF vulnerabilities to bypass WAFs, access restricted endpoints, or access endpoints in the internal network.

  • file://: This URL scheme reads a file from the local file system. An attacker might use it when exploiting SSRF vulnerabilities to read local files on the web server (LFI).

  • gopher://: This protocol can send arbitrary bytes to the specified address. An attacker might use it when exploiting SSRF vulnerabilities to send HTTP POST requests with arbitrary payloads or to communicate with other services such as SMTP servers or databases.

Exploiting SSRF vulnerabilities can lead to:

  • Interacting with known internal systems

  • Discovering internal services via port scans

  • Disclosing local/sensitive data

  • Including files in the target application

  • Leaking NetNTLM hashes using UNC Paths (Windows)

  • Achieving remote code execution
