KrazePlanetLabs - SSRF Labs

About SSRF Vulnerabilities

Server-Side Request Forgery (SSRF) vulnerabilities occur when an application makes server-side requests to user-supplied URLs without proper validation, allowing attackers to make requests to internal services or external systems.

Common SSRF Sources

URL Parameters: url, link, href, src

Media Parameters: image, photo, avatar, thumbnail

Webhook Parameters: webhook, callback, endpoint

API Parameters: api, endpoint, service

Fetch Parameters: fetch, get, load

Common SSRF Targets

Internal Services: http://localhost:8080, http://127.0.0.1:3306

Cloud Metadata: http://169.254.169.254/, http://metadata.google.internal/

Database Services: http://localhost:3306, http://localhost:5432

File Protocols: file:///etc/passwd, file:///C:/Windows/System32/drivers/etc/hosts

Protocol Confusion: gopher://, dict://, ldap://

Real-World Impact

Access to internal services and APIs

Cloud metadata and credentials exposure

Database access and data exfiltration

Local file system access

Port scanning and service enumeration

Bypassing firewalls and network restrictions

SSRF Bootcamp

About SSRF Vulnerabilities

Common SSRF Sources

Common SSRF Targets

Real-World Impact