# Server-Side Request Forgery (SSRF)

SSRF attacks can happen if a server fetches external resources based on user-supplied data.

A10:2021

# Background

# Context

Servers sometimes need to fetch external resources (APIs, images, config files, ...) to provide certain functions. If these requests are generated from user-supplied URIs, SSRF attacks are possible.

Requests can then be directed at:

  • The server itself, to gain access to admin routes or restricted files
  • Other servers in the same infrastructure, for example to scan ports
  • External servers

# Problems

  • Attackers can potentially launch attacks within the server's infrastructure
  • Data can be lost

# Solutions

# Technology

See Validation
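
One way to validate a user-supplied URI before the server fetches it, as an added example that is not part of the original page. The function names, the allowlisted hosts and the injectable `resolver` parameter are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Assumption: hypothetical allowlist of hosts this server is meant to fetch from.
ALLOWED_HOSTS = {"api.example.com", "images.example.com"}


def resolve(host, port):
    """Default resolver: return every IP address the host name maps to."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]


def is_internal(ip_text):
    """True for loopback, private, link-local and other non-global addresses."""
    ip = ipaddress.ip_address(ip_text.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d by its embedded IPv4 address
    return not ip.is_global


def validate_fetch_url(url, resolver=resolve):
    """Return (host, port, ips) if the URL may be fetched, else raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError("scheme not allowed")
    if parts.username or parts.password:
        raise ValueError("credentials in URL not allowed")
    host = (parts.hostname or "").lower().rstrip(".")
    if host not in ALLOWED_HOSTS:
        raise ValueError("host not on allowlist")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    # Check every resolved address: an allowlisted name can still point inward.
    ips = resolver(host, port)
    if not ips or any(is_internal(ip) for ip in ips):
        raise ValueError("host resolves to an internal address")
    return host, port, ips


if __name__ == "__main__":
    # Constructed resolver and address so the demo runs offline.
    fake = lambda host, port: ["93.184.216.34"]
    print(validate_fetch_url("https://api.example.com/v1/items", resolver=fake))
```

The fetch itself should connect to one of the returned addresses rather than resolving the name a second time, and any redirect target should go through the same check before it is followed.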

Last Updated: 7/3/2022, 3:51:46 PM