Server-side request forgery ( SSRF ) is a type of computer security exploit where an attacker abuses the functionality of a server causing it to access or manipulate information in the realm of that server that would otherwise not be directly accessible to the attacker.
4-524: SSRF may refer to: Server-side request forgery , a type of security exploit Shanghai Synchrotron Radiation Facility Small Scale Raiding Force , a British Commando unit during the Second World War Topics referred to by the same term [REDACTED] This disambiguation page lists articles associated with the title SSRF . If an internal link led you here, you may wish to change
8-421: A web client , for example, a web browser, within the domain as a proxy for attacks; an SSRF attack utilizes a vulnerable server within the domain as a proxy . If a parameter of a URL is vulnerable to this attack, it is possible an attacker can devise ways to interact with the server directly (via localhost) or with the backend servers that are not accessible by the external users. An attacker can practically scan
12-457: The entire network and retrieve sensitive information. In this type of attack the response is displayed to the attacker. The server fetches the URL requested by the attacker and sends the response back to the attacker. In this type of attack the response is not sent back to the attacker. Therefore, the attacker has to devise ways to confirm this vulnerability. This computer security article
16-428: The link to point directly to the intended article. Retrieved from " https://en.wikipedia.org/w/index.php?title=SSRF&oldid=1029893842 " Category : Disambiguation pages Hidden categories: Short description is different from Wikidata All article disambiguation pages All disambiguation pages Server-side request forgery Similar to cross-site request forgery which utilizes
#634365