SSRF

Server-Side Request Forgery (SSRF)

Server-Side Request Forgery is a web security vulnerability that allows an attacker to cause the server-side application to make requests to an unintended location

Example 1

<?php
$new_page = $_GET["page"];
header("Location:   $new_page");
?>

Here one can just supply any URL as the page parameter; http://remote.com?page=http://10.10.10.10

It will result in a redirect to the given url.

Example 2 (LFI)

<?php  
$url = $_GET["url"];  
$content = file_get_contents($url);  
echo $content;  
?>

This is a normal LFI, those it can still be classified as SSRF.

One can just use a file as the url parameter and read it; http://remote.com?url=/etc/passwd

PreviousFile Upload NextCSRF

Last updated 6 months ago