We covered SSRF vulnerability as part of TryHackMe SSRF room from the Junior Penetration Tester pathway.
What is an SSRF?
SSRF stands for Server-Side Request Forgery. It’s a vulnerability that allows a malicious user to cause the webserver to make an additional or edited HTTP request to the resource of the attacker’s choosing.
Types of SSRF
There are two types of SSRF vulnerability; the first is a regular SSRF where data is returned to the attacker’s screen. The second is a Blind SSRF vulnerability where an SSRF occurs, but no information is returned to the attacker’s screen.
What’s the impact?
A successful SSRF attack can result in any of the following:
- Access to unauthorised areas.
- Access to customer/organisational data.
- Ability to Scale to internal networks.
- Reveal authentication tokens/credentials.
As opposed to a regular SSRF, what is the other type?
What IP address may contain sensitive data in a cloud environment?
What type of list is used to permit only certain input?
What type of list is used to stop certain input?