SSRF: Server-side request forgery.
- An attacker can make further HTTP requests through the server
- The attacker makes use of the vulnerability to communicate with any internal services on the server's network

Process:
- Attacker finds an SSRF vulnerability on a website
- Firewall allows all requests to the website
- Attacker exploits the SSRF vulnerability by forcing the webserver to request data from the database
- Firewall allows the request because it is coming from the webserver and not the attacker