General Information

Server Side Request Forgery

Variants:
Direct, Persistent, Session

Also Known As:
Resource Injection

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Input Validation, Secure Design

Invented In:
17/05/2013

Added In:
08/12/2014


Vector Operation Method:
Malicious inputs can enable attackers to gain access to restricted backend servers and services, forge requests from the server to external entities, or enumerate the structure of internal networks.


Direct Variant:

SSRF

Variant Title:
SSRF

Typical Severity:
Medium

Persistent Variant:

Stored SSRF

Also Known As:
Persistent SSRF

Typical Severity:
Medium

Session Variant:

SSRF via Session Puzzling

Also Known As:
Session SSRF

Typical Severity:
Medium
