SSRF - Server Side Request Forgery
Server Side Request Forgery can occur in different forms. It occurs when the server makes an HTTP request to a URL which we can control. If we can make the server send HTTP requests to an arbitrary web server, we have an SSRF vulnerability on our hands.
Usually we will abuse this vulnerability as bug bounty hunters by making the server send a request to itself on a port which only accepts requests from the internal network, or to other servers that also only accept requests from the internal network.
Another way to abuse this vulnerability would be to make a request to a third-party or external server that only accepts requests originating from our target's IP address or network.
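To make the two abuse cases concrete, here is an added example (my own code, not code from the original page or from any particular target): a profile-picture fetcher that takes a user-supplied URL, first in its vulnerable form and then with a target check that refuses loopback, private, link-local and cloud-metadata addresses, rejects non-HTTP schemes and non-default ports, and looks at every address a hostname resolves to. The hostnames and the resolver table are constructed for the example so that it runs offline; the hardened fetcher takes the real resolver by default.

```python
import ipaddress
import socket
import urllib.request
from urllib.parse import urlparse

# Constructed resolver table so the example runs offline. Hostnames and
# addresses are assumptions for the example, not real infrastructure.
FAKE_DNS = {
    "images.example.com": ["93.184.216.34"],          # a public address
    "internal-api.corp": ["10.0.0.5"],                # assumed internal host
    "rebind.attacker.test": ["8.8.8.8", "127.0.0.1"],  # public and loopback records
}


def fake_resolver(host):
    return FAKE_DNS.get(host, [])


def default_resolver(host):
    # Real resolution: every A/AAAA record the host currently maps to.
    infos = socket.getaddrinfo(host, None)
    return sorted({info[4][0] for info in infos})


def fetch_profile_picture_vulnerable(url):
    # Fetches whatever the user supplied, including http://127.0.0.1:8080/admin
    # or http://169.254.169.254/ from the server's own network: the SSRF.
    return urllib.request.urlopen(url).read()


def _is_public_address(addr):
    """True only for addresses that are routable on the public internet."""
    ip = ipaddress.ip_address(addr)
    # ::ffff:127.0.0.1 is loopback dressed up as IPv6; judge the embedded IPv4.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (
        ip.is_global
        and not ip.is_private
        and not ip.is_loopback
        and not ip.is_link_local      # covers 169.254.169.254 (cloud metadata)
        and not ip.is_multicast
        and not ip.is_reserved
        and not ip.is_unspecified
    )


def check_target(url, resolver=default_resolver):
    """Return (ok, reason); ok is False when the URL must not be fetched."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, "scheme not allowed: %r" % parsed.scheme
    host = parsed.hostname
    if not host:
        return False, "no host in URL"
    try:
        port = parsed.port
    except ValueError:
        return False, "invalid port"
    if port not in (None, 80, 443):
        return False, "port not allowed: %s" % port
    try:
        # Literal address (IPv4, IPv6 or bracketed IPv6): no DNS needed.
        addresses = [str(ipaddress.ip_address(host))]
    except ValueError:
        # Anything else, including odd forms like http://2130706433/, goes
        # through the resolver and is judged by what it actually maps to.
        addresses = resolver(host)
    if not addresses:
        return False, "host does not resolve"
    for addr in addresses:
        if not _is_public_address(addr):
            return False, "resolves to non-public address %s" % addr
    return True, "ok"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Refuse redirects: a public host could otherwise 302 us to an internal one.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch_profile_picture_hardened(url, resolver=default_resolver):
    ok, reason = check_target(url, resolver)
    if not ok:
        raise ValueError("refusing to fetch %s: %s" % (url, reason))
    opener = urllib.request.build_opener(_NoRedirect)
    return opener.open(url, timeout=5).read()


if __name__ == "__main__":
    for candidate in (
        "http://images.example.com/avatar.png",
        "http://127.0.0.1:8080/admin",
        "http://169.254.169.254/latest/meta-data/",
        "http://internal-api.corp/users",
        "http://[::ffff:127.0.0.1]/",
        "http://rebind.attacker.test/",
    ):
        print(candidate, check_target(candidate, fake_resolver))
```

One caveat the check does not close on its own: the resolution done in `check_target` and the one the HTTP client performs a moment later can differ (DNS rebinding), so a stricter fetcher connects to the validated IP address itself and sets the Host header and TLS SNI by hand, or routes outbound requests through an egress proxy that enforces the same rules.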
Let's give you an example to make things more clear:
If the attacker makes a request to the public web server, it returns a 200 OK.
However, if the attacker tries to request data straight from the API server, they get a 403 Forbidden because it is only accessible from the internal network. This is expected behavior.
To illustrate how SSRF works, we will first discuss an imaginary software system for saving a profile picture.