Server-side request forgery

In computer security, server-side request forgery (SSRF) is a type of exploit where an attacker abuses the functionality of a server causing it to access or manipulate information in the realm of that server that would otherwise not be directly accessible to the attacker.[1]

Similar to cross-site request forgery which utilises a web client, for example, a web browser, within the domain as a proxy for attacks; an SSRF attack utilizes an insecure server within the domain as a proxy.

If a parameter of a url is vulnerable to this attack, it is possible an attacker can devise ways to interact with the server directly (ie: via 127.0.0.1 or localhost) or with the backend servers that are not accessible by the external users. An attacker can practically scan the entire network and retrieve sensitive information.

Types of SSRF -

i. Basic SSRF: Here the response is displayed to the attacker.

ii. Blind SSRF: Here the response is not displayed to the attacker. (Difficult to detect at first sight)

Basic SSRF:

In this type of attack the response is displayed to the attacker. The server fetches the URL requested by the attacker and sends the response back to the attacker.

Blind SSRF:

In this type of attack the response is not sent back to the attacker. Therefore, the attacker has to devise ways to confirm this vulnerability.