It is a well-known fact that web applications often trigger requests between different HTTP servers. This is usually done to fetch remote resources such as software updates, or to import metadata from a specific URL or from another web application. Under ordinary circumstances, such inter-server requests are safe. However, if the feature is implemented incorrectly, it can leave the server vulnerable to Server-Side Request Forgery.
Server-Side Request Forgery (SSRF) is a web security vulnerability that allows an attacker to induce a server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing, including systems that are not externally accessible.
Sometimes a web application needs to retrieve information from elsewhere; this could be an internal source such as an RSS feed on another website, which the application fetches with a server-side request and includes in its own pages. For example, a developer may use a URL parameter to retrieve the remote feed. If the attacker can change that URL parameter, he can make the server fetch local resources hosted on the server itself, an SSRF attack against the server, which is what makes said server vulnerable.
This means that, in a successful SSRF attack, the attacker changes a parameter used by the web application in a mala fide manner to create or control requests from the vulnerable server. Such control can result in the adverse actions described below.
In a typical SSRF attack, the attacker sends a request to the vulnerable web server that abuses the SSRF vulnerability. The web server then makes a request to the victim's server, which sits behind a firewall, and receives a response containing data from the victim's server. If the specific SSRF vulnerability permits it, that data is sent back to the attacker. This is how an attacker scans an internal network: the attacker cannot send requests directly to the victim's server, because the firewall blocks them, so the vulnerable web server makes the requests on the attacker's behalf.
It is clear from the above explanation that the most common impact of exploiting an SSRF vulnerability is information disclosure about an organization through unauthorized actions, such as:
1. Scanning ports and IP addresses.
2. Interacting with protocols such as Gopher, which allows further discoveries.
3. Discovering the IP addresses of servers running behind a reverse proxy.
4. Remote code execution.
There are several possible consequences of SSRF attacks, some more severe than others. The severity depends mainly on how the web application uses responses from the remote resource.
It is necessary to prevent SSRF behaviour. Defences must be put in place against the malicious exploitation of information that should not be available to anyone without authorized access.
In brief, an SSRF attack abuses functionality on the server to read or update internal resources, destroying trust relationships in the process. Through such an attack, one can not only read server configuration but, to a certain extent, also read the contents of files to which one gains unauthorized access. All necessary precautions must be taken to ensure that there is no unwarranted or unauthorized access to the information of an organization or individual stored in a web application.
So, have you made up your mind to make a career in Cyber Security? Visit our Master Certificate in Cyber Security (Red Team) for further help. It is the first program in offensive technologies in India and allows learners to practice in a real-time simulated ecosystem that will give them an edge in this competitive world.
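As an added example (not code from the original article), this is one way a server-side fetch handler can validate the URL parameter described above before making the request: only http/https is accepted, the host must be on an allowlist, and every address the host resolves to must be routable, so a name that points back inside the firewall is refused. The allowlist entries, `fake_resolver` and its addresses are constructed sample data, and `validate_fetch_url` is a hypothetical name.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Constructed allowlist for the hypothetical "fetch a remote feed" feature.
ALLOWED_HOSTS = {"feeds.example.com", "partner.example.net"}

def _dns_resolver(host):
    # Real resolver: every address the name maps to (needs network access).
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def _is_internal(addr):
    """True for loopback, private, link-local and other non-routable ranges."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.5 is still 10.0.0.5
    return not ip.is_global

def validate_fetch_url(url, allowed_hosts=ALLOWED_HOSTS, resolver=_dns_resolver):
    """Return (ok, reason) for a user-supplied URL the server is about to fetch.
    Each check closes one path the article describes: non-HTTP schemes such as
    gopher://, hosts outside the allowlist, and allowlisted names that resolve
    to an address behind the firewall."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL"  # http://allowed@other/ lookalikes
    host = parts.hostname
    if not host:
        return False, "missing host"
    if host.lower() not in {h.lower() for h in allowed_hosts}:
        return False, "host not in allowlist"
    try:
        addrs = list(resolver(host))
    except OSError:
        addrs = []
    if not addrs:
        return False, "resolution failed"
    for addr in addrs:
        if _is_internal(addr):
            return False, "resolves to internal address " + addr
    return True, "ok"

# Constructed resolver so the example runs offline; addresses are sample data.
def fake_resolver(host):
    table = {"feeds.example.com": ["93.184.216.34"],
             "partner.example.net": ["93.184.216.34", "10.0.0.5"]}
    return table.get(host, [])
```

Pass `resolver=fake_resolver` to exercise the checks offline; the default resolver performs a real DNS lookup.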