Server-Side Request Forgery
Explore Pynt's documentation on security tests for server-side request forgery! Learn how Pynt protects your APIs against this critical vulnerability.
SSRF occurs when an attacker can manipulate the input parameters of a web application that requests resources from other servers, such as databases, web services, or other APIs.
The attacker can exploit this vulnerability to send forged requests to internal servers that are not meant to be exposed to the internet, such as backend systems or databases. This can result in unauthorized access, data theft, or other malicious activities that can compromise the security of the entire web application or the network it is hosted on.
SSRF vulnerabilities occur due to a lack of input validation and inadequate access controls. Specifically, when an application allows untrusted input to determine the destination of requests it makes to other servers, an attacker can manipulate those requests and send them to unintended targets.
from flask import Flask, request
import requests
app = Flask(__name__)
@app.route('/fetch')  # route path assumed; not shown on the original page
def fetch():
    url = request.args.get('url')  # untrusted input taken straight from the query string
    response = requests.get(url)  # no validation: any reachable host, including internal ones
    return response.text
if __name__ == '__main__':
    app.run()
In this example, the Flask web application takes a URL parameter from the user and makes a GET request to that URL using the requests library. No input validation or sanitization is performed on the URL parameter, so an attacker can pass in a malicious URL that points to an internal server or another restricted resource.
For example, an attacker could supply a URL pointing at an internal host as the url parameter. This would cause the web application to make a request to an internal server at IP address 192.168.0.1, which may contain sensitive data or be otherwise restricted. By exploiting this SSRF vulnerability, the attacker could potentially gain access to this internal resource and compromise the security of the network.
Validate and sanitize user input before using it to make requests to external resources. One approach is to use an allowlist of permitted URLs or hosts, or to restrict the URLs that can be accessed based on the user's permissions or role.
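The following is an added example of the hardened form of the endpoint above; it is not code from Pynt or from the original page. It assumes an allowlist of two constructed hostnames (api.example.com and cdn.example.com) and a route path of /fetch, and it goes one step beyond a plain URL allowlist: it also rejects non-HTTP schemes, URLs with embedded credentials, and any allowlisted hostname that resolves to a non-public address, since an allowlisted name that points at 127.0.0.1 or a link-local metadata address would otherwise slip through. The resolver is injectable so the check can be exercised without network access.

```python
"""Hardened URL fetcher: scheme check, host allowlist, and resolved-address check.

Added example, not Pynt's code. ALLOWED_HOSTS and the /fetch route are assumptions.
"""
import ipaddress
import socket
from urllib.parse import urlparse

# Constructed allowlist: only these hosts may be fetched, only over these schemes.
ALLOWED_HOSTS = {"api.example.com", "cdn.example.com"}
ALLOWED_SCHEMES = {"http", "https"}


def _resolve(hostname):
    """Default resolver: every address (IPv4 and IPv6) the name resolves to."""
    return [info[4][0] for info in socket.getaddrinfo(hostname, None)]


def is_allowed_url(url, resolve=_resolve):
    """Return True only if the URL is safe for the server to fetch.

    Checks, in order:
      1. scheme is http or https (rejects file://, gopher://, ftp://, ...)
      2. no embedded credentials (user@host forms confuse naive host checks)
      3. hostname is on the allowlist (rejects arbitrary targets such as 192.168.0.1)
      4. every address the host resolves to is public (rejects an allowlisted
         name that points at loopback, RFC 1918 or link-local space)
    """
    try:
        parts = urlparse(url)
    except ValueError:
        return False
    if parts.scheme not in ALLOWED_SCHEMES:
        return False
    if parts.username or parts.password:
        return False
    host = parts.hostname  # already lowercased by urlparse
    if not host or host not in ALLOWED_HOSTS:
        return False
    try:
        addresses = resolve(host)
    except (socket.gaierror, OSError):
        return False
    if not addresses:
        return False
    for addr in addresses:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False
        if not ip.is_global:
            return False
    return True


def create_app():
    """Build the Flask app. Flask and requests are imported here so the
    validator above stays importable (and testable) without them installed."""
    from flask import Flask, abort, jsonify, request
    import requests

    app = Flask(__name__)

    @app.route("/fetch")
    def fetch():
        url = request.args.get("url", "")
        if not is_allowed_url(url):
            abort(400, "URL not permitted")
        # allow_redirects=False: an allowlisted host must not bounce the
        # server to an internal one via a 3xx response. Timeout bounds the
        # damage of a slow or unresponsive target.
        resp = requests.get(url, timeout=5, allow_redirects=False)
        return jsonify(status=resp.status_code, length=len(resp.content))

    return app


if __name__ == "__main__":
    create_app().run()
```

Note that the DNS check is still subject to a time-of-check/time-of-use gap (the name can change between the lookup here and the lookup requests performs); pinning the connection to the validated address, or fronting outbound requests with an egress proxy that enforces the same policy, closes that gap.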
This test case tries to manipulate a URL to access a local file on the server.