
Server-side request forgery (SSRF)

Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make requests to an unintended location.

Exploitation

This web application has a stock check feature that fetches data from an internal system using a URL supplied in the request. Because the server makes that request on the client's behalf, we can point it at a location the client cannot reach directly: the admin interface at http://localhost/admin.

Click the Check stock button and intercept the request in Burp.

As you can see, the request carries the URL of an API from which the server fetches the stock data. Replace that URL with http://localhost/admin and forward the request.

The response now contains the internal admin interface. It is reachable because the request originates from the server itself, so any access control based on "only localhost can see this" is bypassed.
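The root cause of the exploit above is that the server fetches whatever URL the client supplies. The following Python is an added example, not code from the original post or from the lab application: it models the stock-check handler with a "vulnerable" validator that mirrors the lab's behaviour and a hardened validator that allowlists the backend host, rejects loopback/private IP literals, userinfo tricks, non-HTTP schemes and unexpected ports. The backend name stock.internal.example, the FAKE_NETWORK mapping and the response strings are constructed for the example; nothing here touches a real network.

```python
import ipaddress
from typing import Callable, Dict, Tuple
from urllib.parse import urlparse

# Hypothetical backend the stock checker is meant to call (assumption; the post does not name it).
ALLOWED_STOCK_HOSTS = {"stock.internal.example"}
ALLOWED_SCHEMES = {"http", "https"}

# Constructed stand-in for what the web server can reach; no real requests are made.
FAKE_NETWORK: Dict[str, str] = {
    "http://stock.internal.example/product/stock?productId=1": "in stock: 42",
    "http://localhost/admin": "<h1>Admin interface</h1>",
}


def fetch(url: str) -> str:
    """Simulated server-side HTTP fetch: returns whatever the URL maps to on the fake network."""
    return FAKE_NETWORK.get(url, "404 not found")


def vulnerable_validate(url: str) -> Tuple[bool, str]:
    """The lab's behaviour: any client-supplied URL is accepted and fetched by the server."""
    return True, "ok"


def is_non_routable_literal(host: str) -> bool:
    """True when host is an IPv4/IPv6 literal in loopback, private, link-local or similar ranges."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # not an IP literal; hostnames are decided by the allowlist instead
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_unspecified or ip.is_reserved)


def hardened_validate(url: str) -> Tuple[bool, str]:
    """Allowlist the destination instead of trusting the client-supplied URL."""
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        # Blocks http://stock.internal.example@localhost/, whose real host is localhost.
        return False, "userinfo in URL not allowed"
    host = parts.hostname  # lower-cased by urlparse; IPv6 brackets already stripped
    if not host:
        return False, "missing host"
    if is_non_routable_literal(host):
        return False, f"host {host!r} is a loopback/private address"
    if host not in ALLOWED_STOCK_HOSTS:
        return False, f"host {host!r} not in allowlist"
    try:
        port = parts.port
    except ValueError:
        return False, "invalid port"
    if port not in (None, 80, 443):
        return False, f"port {port} not allowed"
    return True, "ok"


def check_stock(url: str, validate: Callable[[str], Tuple[bool, str]]) -> str:
    """Stock-check handler: validate the client-supplied URL, then fetch it server-side."""
    ok, reason = validate(url)
    if not ok:
        return f"rejected: {reason}"
    return fetch(url)


if __name__ == "__main__":
    payload = "http://localhost/admin"  # the payload used in the walkthrough above
    print("vulnerable:", check_stock(payload, vulnerable_validate))
    print("hardened:  ", check_stock(payload, hardened_validate))
    for u in ("http://127.0.0.1/admin", "http://[::1]/admin",
              "http://stock.internal.example@localhost/admin", "file:///etc/passwd",
              "http://stock.internal.example/product/stock?productId=1"):
        print(u, "->", check_stock(u, hardened_validate))
```

Two points to keep in mind when porting this to a real handler: hostnames are checked against an allowlist rather than a denylist, so shorthand forms such as 127.1 or a DNS name that resolves to 127.0.0.1 never pass because they are simply not on the list; and the allowlist does not by itself protect against redirects or DNS rebinding, so the HTTP client should also be configured not to follow redirects and, ideally, to validate the resolved address at connect time.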

This post is licensed under CC BY 4.0 by the author.