Server-side request forgery

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

In computer security, server-side request forgery (SSRF) is a type of exploit where an attacker abuses the functionality of a server causing it to access or manipulate information in the realm of that server that would otherwise not be directly accessible to the attacker.[1]

Similar to cross-site request forgery which utilises a web client, for example, a web browser, within the domain as a proxy for attacks; an SSRF attack utilises an insecure server within the domain as a proxy.


  1. ^ "The Open Web Application Security Project". Retrieved 23 July 2018.