View Attack Vector

General Information

Server Side Request Forgery

Variants:
Direct Persistent Session

Also Known As:
Resource Injection

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Input Validation, Secure Design

Invented In:
17/05/2013

Added In:
08/12/2014

Vector Operation Method:
Malicious inputs can enable attackers to gain access to restricted backend servers and services, forge requests from the server to external entities or enumerate the structure of internal networks

Direct Variant:

SSRF

Variant Title:
SSRF

Typical Severity:
Medium

Resources:

CWE

OWASP Attacks

Other I

White Papers:

Paper I

Paper II

Learn More:

Persistent Variant:

Stored SSRF

Also Known As:
Persistent SSRF

Typical Severity:
Medium

Resources:

White Papers:

Learn More:

Session Variant:

SSRF via Session Puzzling

Also Known As:
Session SSRF

Typical Severity:
Medium

Resources:

White Papers:

Learn More: