Server Side Request Forgery (SSRF) attacks take place when the server calls a user-submitted URL without verification: the URL is followed in the server code before it has been validated.
Imagine that a user can supply a URL that is sent to the server. The server fetches the resource and returns it to be displayed to the user. If the URL is not verified, an attacker could send a URL such as “file:///” and obtain a listing of the root directory on your server. Other examples of uses follow:
This vulnerability takes advantage of the fact that calls made by the server are not restricted by the firewalls and monitoring systems that would apply to calls made through the web interface.
To avoid this vulnerability:
More sophisticated attacks can take advantage of URL encoding or base64 encoding.
A particularly difficult attack to prevent takes advantage of DNS records. The URL first passes validation, but its DNS record has changed by the time the call is actually made. This is called DNS rebinding, a “time of check, time of use” (TOCTOU) race condition.
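One way to implement the checks above, covering both the validation step and the rebinding race, as an added example that is not part of the original page: the validator restricts the scheme, resolves the host, rejects any non-public address, and hands back the address it actually checked so the fetch can connect to that pinned address instead of resolving the name a second time. The resolver parameter, `example.test` and the addresses used in the test are constructed for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit
ALLOWED_SCHEMES = {"http", "https"}  # file://, gopher://, ftp:// and the rest are refused
def default_resolver(host):
    """All addresses the name maps to (A and AAAA); one bad record rejects the whole name."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def is_public_address(ip):
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:  # ::ffff:127.0.0.1 is still loopback
        addr = addr.ipv4_mapped
    return addr.is_global and not addr.is_multicast

def validate_outbound_url(url, resolver=default_resolver):
    """Return (ok, reason, pinned_ip). On success the fetch must connect to pinned_ip
    and send the original name in the Host header instead of resolving again, so a
    record swapped after this check (DNS rebinding, a TOCTOU race) cannot redirect it."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme, None
    host = parts.hostname
    if not host:
        return False, "missing host", None
    try:
        parts.port  # raises ValueError on a malformed port such as ':abc'
    except ValueError:
        return False, "malformed port", None
    try:
        ips = [str(ipaddress.ip_address(host))]  # literal address: nothing to resolve
    except ValueError:
        try:
            ips = resolver(host)  # constructed hook so the check is testable offline
        except OSError as exc:
            return False, "cannot resolve %s: %s" % (host, exc), None
    if not ips:
        return False, "name has no address", None
    for ip in ips:
        if not is_public_address(ip):
            return False, "%s maps to non-public address %s" % (host, ip), None
    return True, "ok", ips[0]

def pinned_target(url, pinned_ip):
    """(connect_ip, port, host_header, request_target) for the pinned connection."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme.lower() == "https" else 80)
    target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    return pinned_ip, port, parts.hostname, target
```

Redirects returned by the fetched server must be passed through `validate_outbound_url` again before being followed, since each hop is a new server-side request.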