Server-Side Request Forgery (SSRF)
Severity: high
ID: ssrf-attack
An attacker tricks the server into making requests on their behalf to internal resources or external systems.
Threat categories: Information Disclosure, Elevation of Privilege
MITRE ATT&CK techniques
| ID | Name | Tactic |
|---|---|---|
| T1190 | Exploit Public-Facing Application | Initial Access |
| T1046 | Network Service Discovery | Discovery |
Common Weakness Enumeration
Mitigating controls
| ID | Control |
|---|---|
| ctrl-ssrf-1 | Validate and sanitize all user-supplied URLs |
| ctrl-ssrf-2 | Implement allowlists for permitted destination hosts |
| ctrl-ssrf-3 | Block requests to internal IP ranges and metadata endpoints |
| ctrl-ssrf-4 | Use network segmentation to limit server access |
| ctrl-ssrf-5 | Disable unnecessary URL schemes (file://, gopher://, etc.) |
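As an added example that is not part of this catalogue entry, the following Python validator applies controls ctrl-ssrf-1, ctrl-ssrf-2, ctrl-ssrf-3 and ctrl-ssrf-5 to a user-supplied URL before the server fetches it: it restricts the scheme to http/https, requires an exact match against a host allowlist, rejects embedded credentials, resolves the host and rejects any record that is loopback, private, link-local, reserved, multicast, unspecified or the cloud metadata address (unwrapping IPv4-mapped IPv6 so `::ffff:10.0.0.5` is classified as `10.0.0.5`). The hostnames, the `5.6.7.8` placeholder public address and the `DEMO_DNS` answers are constructed for illustration; the injectable `resolver` parameter is a design choice so the example runs offline, and `resolve_all` is what a deployment would use instead.

```python
"""SSRF outbound-URL validator (added example; constructed sample data)."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Cloud instance-metadata service address used by AWS, GCP and Azure.
# The link-local check already covers it; listing it makes the intent explicit.
METADATA_ADDRESSES = {ipaddress.ip_address("169.254.169.254")}


class SSRFError(ValueError):
    """Raised when a user-supplied URL fails the outbound policy."""


def resolve_all(host):
    """Production resolver: every A/AAAA record, since the client may connect to any."""
    infos = socket.getaddrinfo(host, None)
    return [ipaddress.ip_address(info[4][0]) for info in infos]


def is_internal_address(addr):
    """True for loopback, RFC 1918, link-local, reserved, multicast, unspecified
    or metadata addresses. IPv4-mapped IPv6 is unwrapped before classification."""
    if isinstance(addr, str):
        addr = ipaddress.ip_address(addr)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (not addr.is_global) or addr in METADATA_ADDRESSES


def validate_outbound_url(url, allowed_hosts, resolver=resolve_all):
    """Return the addresses the caller may connect to, or raise SSRFError."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:           # e.g. malformed IPv6 literal
        raise SSRFError(f"unparseable URL: {exc}") from exc
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:   # ctrl-ssrf-5: no file://, gopher://, ...
        raise SSRFError(f"scheme {scheme!r} not permitted")
    host = parts.hostname               # lower-cased; brackets stripped from IPv6 literals
    if not host:
        raise SSRFError("URL has no host")
    if parts.username is not None or parts.password is not None:
        raise SSRFError("credentials in URL not permitted")
    # ctrl-ssrf-2: exact, case-insensitive match; no wildcard or suffix matching.
    if host not in {h.lower() for h in allowed_hosts}:
        raise SSRFError(f"host {host!r} not in allowlist")
    try:
        addrs = [ipaddress.ip_address(host)]    # literal IP: no DNS lookup needed
    except ValueError:
        addrs = list(resolver(host))
    if not addrs:
        raise SSRFError(f"host {host!r} did not resolve")
    # ctrl-ssrf-3: every record must be external; one internal record fails the URL.
    for addr in addrs:
        if is_internal_address(addr):
            raise SSRFError(f"host {host!r} resolves to internal address {addr}")
    return addrs


def check_url(url, allowed_hosts, resolver=resolve_all):
    """Non-raising wrapper: (True, addresses) or (False, reason)."""
    try:
        return True, validate_outbound_url(url, allowed_hosts, resolver)
    except SSRFError as exc:
        return False, str(exc)


# Constructed sample data for the demonstration (not real hosts or DNS answers).
DEMO_ALLOWLIST = {"api.partner.example", "rebinding.example", "mapped.example"}
DEMO_DNS = {
    "api.partner.example": ["5.6.7.8"],              # placeholder public address
    "rebinding.example": ["5.6.7.8", "10.0.0.5"],     # one public and one internal record
    "mapped.example": ["::ffff:10.0.0.5"],            # IPv4-mapped IPv6 to an internal host
}


def demo_resolver(host):
    """Offline stand-in for resolve_all, backed by the constructed DEMO_DNS table."""
    return [ipaddress.ip_address(a) for a in DEMO_DNS.get(host, [])]


if __name__ == "__main__":
    for sample in [
        "https://api.partner.example/v1/report",
        "file:///etc/passwd",
        "http://169.254.169.254/latest/meta-data/",
        "http://rebinding.example/",
        "http://mapped.example/",
        "https://user:pw@api.partner.example/",
    ]:
        print(sample, "->", check_url(sample, DEMO_ALLOWLIST, demo_resolver))
```

The addresses returned by `validate_outbound_url` are the ones the HTTP client should actually connect to (with the Host header and SNI set to the validated name), so that a DNS answer cannot change between validation and connection; redirects should be disabled or each hop passed through the same check. ctrl-ssrf-4 (network segmentation) is enforced outside application code and is not represented here.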