What is an SSRF attack?
SSRF stands for Server-Side Request Forgery. In an SSRF attack, the attacker makes the victim server issue requests on the attacker's behalf. Because those requests originate from a trusted server, the attacker can effectively impersonate that server on the network, forging requests that appear to come from it. The attacker can then mount a range of attacks against the network, limited only by the permissions granted to the vulnerable server.
After a successful SSRF attack, attackers can:
- Read sensitive files.
- Make internal API calls.
- Access internal services (admin panels, databases, etc.).
An SSRF vulnerability arises when a server fetches external resources from a URL supplied by the user. Its root cause is the failure to restrict which internal resources the server is allowed to reach.
Mitigation / Prevention
- Validate user-supplied URLs.
- Whitelist (allowlist) or blacklist (denylist) URLs.
- Disable unused URL schemes.
- Require authentication on internal services.
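The following Python validator is an added example, not code from the original page; it shows what the first three mitigations look like when applied to a URL before the server fetches it. The allowlisted hosts (`images.example.com`, `cdn.example.com`), the `FAKE_DNS` table and the sample URLs are constructed for the demonstration, and the resolver is injectable so the example runs offline. It goes slightly beyond the list above in one way: even an allowlisted hostname is rejected if it resolves to a private, loopback, link-local or otherwise non-public address, which is the denylist half of the policy applied to the resolved address rather than to the URL string.

```python
"""Outbound-URL policy for a server that fetches user-supplied URLs.

Hypothetical helper written for this page; assumes the service only ever
needs to fetch from a small, known set of hosts over http or https.
"""
import ipaddress
import socket
from urllib.parse import urlsplit, urlunsplit

# Constructed allowlist: the only hosts this service may fetch from.
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com"}
# Every other scheme (file, ftp, gopher, dict, ...) is disabled.
ALLOWED_SCHEMES = {"http", "https"}

# Constructed DNS answers so the demo runs without network access.
# cdn.example.com deliberately points at an internal address.
FAKE_DNS = {
    "images.example.com": ["93.184.216.34"],
    "cdn.example.com": ["10.0.0.7"],
}


class UnsafeURL(ValueError):
    """Raised when a URL fails the outbound-request policy."""


def default_resolver(host):
    """Resolve a hostname to all of its addresses using real DNS."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def fake_resolver(host):
    """Offline resolver backed by the constructed FAKE_DNS table."""
    return FAKE_DNS.get(host, [])


def is_public_address(ip_text):
    """True only for globally routable unicast addresses.

    IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) are unwrapped first so that
    ::ffff:127.0.0.1 is judged as 127.0.0.1, not as an opaque IPv6 address.
    """
    ip = ipaddress.ip_address(ip_text)
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_outbound_url(url, resolver=default_resolver):
    """Return a normalised URL that passes policy, or raise UnsafeURL.

    Checks, in order: scheme allowlist, no embedded credentials, host
    allowlist, and a non-public-address check on every resolved address.
    """
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        raise UnsafeURL(f"malformed URL: {exc}") from None
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme not allowed: {scheme or '<none>'}")
    if parts.username is not None or parts.password is not None:
        raise UnsafeURL("credentials in URL are not allowed")
    host = (parts.hostname or "").lower().rstrip(".")
    if host not in ALLOWED_HOSTS:
        raise UnsafeURL(f"host not in allowlist: {host or '<none>'}")
    # Defence in depth: an allowlisted name must not resolve inward
    # (misconfigured or attacker-influenced DNS).
    addresses = resolver(host)
    if not addresses:
        raise UnsafeURL(f"host does not resolve: {host}")
    for addr in addresses:
        if not is_public_address(addr):
            raise UnsafeURL(f"{host} resolves to non-public address {addr}")
    # Rebuild the URL so downstream code only sees validated components.
    netloc = host if port is None else f"{host}:{port}"
    return urlunsplit((scheme, netloc, parts.path or "/", parts.query, ""))


def is_allowed(url, resolver=default_resolver):
    """Boolean wrapper around validate_outbound_url for callers and tests."""
    try:
        validate_outbound_url(url, resolver)
        return True
    except UnsafeURL:
        return False


if __name__ == "__main__":
    # Constructed sample inputs exercising each check.
    samples = [
        "https://images.example.com/logo.png?size=64",
        "HTTPS://Images.Example.com./logo.png",
        "file:///some/local/file",
        "http://localhost/",
        "http://user:secret@images.example.com/",
        "http://cdn.example.com/asset.js",
        "http://images.example.com:abc/",
    ]
    for sample in samples:
        try:
            print("ALLOW", validate_outbound_url(sample, fake_resolver))
        except UnsafeURL as exc:
            print("BLOCK", sample, "->", exc)
```

Call `validate_outbound_url` immediately before handing the URL to the HTTP client and fetch only the string it returns. Two gaps remain that the validator alone does not close: a redirect from an allowlisted host must be re-validated with the same function rather than followed blindly, and because DNS is consulted at validation time, a client that resolves the name again at connect time can be steered to a different address; connecting to the address that was validated closes that window. The allowlist is the strong control here; the address-range denylist is a backstop, not a substitute for it.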