Server Side Request Forgery (SSRF)

What is SSRF

It’s a type of security vulnerability where an attacker tricks a server into making requests on behalf of the attacker.

That means we can send request not as our computer but as the web server itself.

How can we use it

Since we are able to perform requests as the server itself we can gain access to the resources or reach functionalities that only web server have privileges to access.

It can lead to other vulnerabilities such as Sensitive Data Exposure or even Remote Code Execution.

Video Explaination