It is well known that web applications can trigger requests between different HTTP servers. This is usually done to fetch remote resources such as software updates, or to import metadata from a specific URL or another web application. Under ordinary circumstances, such inter-server requests are safe. However, if implemented incorrectly, they can render the server vulnerable to Server-Side Request Forgery.
Server-Side Request Forgery (SSRF) is a web security vulnerability that allows an attacker to induce a server-side application to make HTTP requests to an arbitrary domain of the attacker’s choosing, including destinations that are not externally accessible.
Sometimes a web application needs to retrieve information; this could be from internal sources, such as an RSS feed on another website, or through server-side requests that fetch a resource and include it in the web application. For example, in an SSRF attack against the server itself, a developer may use a certain URL to retrieve a remote feed. If the attacker can change the URL parameter, he can view the local resources hosted on the server, making said server vulnerable.
This means that in the event of a successful SSRF attack, the attacker can change a parameter used on the web application in a mala fide manner to create or control requests from the vulnerable server. Such control can result in the following adverse actions:
In a typical SSRF attack, the attacker sends a request to the vulnerable web server that abuses the SSRF vulnerability. The web server then makes a request to the victim’s server, which sits behind a firewall. The victim’s server responds with data. If the specific SSRF vulnerability permits it, that data is sent back to the attacker. This is how an attacker scans an internal network. The attacker takes this indirect route because he cannot send direct requests to the victim’s server: a firewall blocks them.
As the explanation above makes clear, the most common impact of exploiting an SSRF vulnerability is disclosure of an organization's information through unauthorized actions, such as:
1. The possibility to scan ports and IP addresses.
2. Interaction with some protocols, such as Gopher, which allow one to make further discoveries.
3. Discovering the IP addresses of servers running behind a reverse proxy.
4. Execution of code remotely.
SSRF attacks have several consequences, some more severe than others. The severity depends mainly on how the web application uses responses from the remote resource.
It is necessary to prevent SSRF behaviours. Defences must be put in place against the malicious exploitation of information that should not be available to anyone without authorized access.
In brief, an SSRF attack can abuse functionality on the server to read or update internal resources, destroying trust relationships as well. Through an SSRF attack, one can not only read server configuration but, to a certain extent, also read the contents of files to which one has gained unauthorized access. All necessary precautions must be taken to ensure that there is no unwarranted or unauthorized access to the information of an organization or individual stored in a web application.