SSRF

Server-side request forgery

In a SSRF attack an attacker tricks the compromised server into issuing requests. Since these requests will be issued from the server, the attacker may gain access to resources that are accessible by this server only (such as internal resources or source IP restricted resources).

Source attribution

Some parts of this page are based on Server side request forgery by OWASP, which is licensed under FLOSS.

PreviousProtecting against CSRF attacks NextSSRF: how it works and how we can protect against it

Last updated 2 years ago