SSRF

ABOUT

Server-Side Request Forgery is a web security vulnerability that allows an attacker to cause the server-side application to make requests to an unintended location.

In a typical SSRF attack, the attacker might cause the server to make a connection to internal-only services within the organization's infrastructure. In other cases, they may be able to force the server to connect to arbitrary external systems. This could leak sensitive data, such as authorization credentials.

EXAMPLES

Here we are exploiting simple shop app, where it send request to API, which we can change to admin deletion page, because request is made from localhost.