SSRF (Server-Side Request Forgery)
Project Type
Photography
Date
April 2023
SSRF stands for Server-Side Request Forgery. In an SSRF attack, the attacker sends requests on behalf of a victim server, which lets the attacker pretend to be that server on the network by forging requests that come from a trusted server. The attacker can then conduct all kinds of attacks on the network, depending on the permissions given to the vulnerable server.
After an SSRF attack, attackers can:
Read sensitive files.
Make internal API calls.
Access internal services (admin panel, databases, etc.)
An SSRF attack happens when a server requests external resources based on user input. SSRF is caused by a lack of limits on access to internal resources.
Mitigation / Prevention
Validate user-supplied URL.
Whitelist / blacklist URLs.
Disable unused URL schemes.
Authentication on internal services.































