Server-Side Request Forgery

About 297 results

Open links in new tab

Any time

portswigger.net
https://portswigger.net › web-security › ssrf
Server-side request forgery (SSRF) - PortSwigger
In this section we explain what server-side request forgery (SSRF) is, and describe some common examples. We also show you how to find and exploit SSRF vulnerabilities.
portswigger.net
https://portswigger.net › burp › documentation › desktop › testing-workflow › ssrf
Testing for SSRF vulnerabilities with Burp Suite - PortSwigger
Dec 16, 2025 · Server-side request forgery (SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make requests to an unintended location.
portswigger.net
https://portswigger.net › web-security › ssrf › blind
Blind SSRF vulnerabilities | Web Security Academy - PortSwigger
In this section, we'll explain what blind server-side request forgery is, describe some common blind SSRF examples, and explain how to find and exploit blind SSRF vulnerabilities.
portswigger.net
https://portswigger.net › web-security › learning-paths › ssrf-attacks
Server-side request forgery (SSRF) attacks - PortSwigger
This learning path teaches you about server-side request forgery (SSRF). You'll learn about its impact, common techniques used in attacks, and how to defend against them.
portswigger.net
https://portswigger.net › burp › documentation › desktop › testing-workflow › s…
Testing for SSRF with Burp Suite - PortSwigger
Dec 16, 2025 · Server-side request forgery (SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make requests to an unintended location.
portswigger.net
https://portswigger.net › web-security › ssrf › lab-basic-ssrf-against-localhost
Lab: Basic SSRF against the local server - PortSwigger
Visit a product, click "Check stock", intercept the request in Burp Suite, and send it to Burp Repeater. Change the URL in the stockApi parameter to http://localhost/admin.
portswigger.net
https://portswigger.net › web-security › csrf › xss-vs-csrf
XSS vs CSRF | Web Security Academy - PortSwigger
CSRF can be described as a "one-way" vulnerability, in that while an attacker can induce the victim to issue an HTTP request, they cannot retrieve the response from that request.
portswigger.net
https://portswigger.net › web-security › learning-paths › server-side-vulnerabili…
Server-side vulnerabilities - PortSwigger
This learning path introduces you to a range of common server-side vulnerabilities. This is perfect if you're new to web security and want to get an overview of the kinds of vulnerabilities that exist, as …
portswigger.net
https://portswigger.net › web-security › ssrf › url-validation-bypass-cheat-sheet
URL validation bypass cheat sheet - PortSwigger
This cheat sheet contains payloads for bypassing URL validation. These wordlists are useful for attacks such as server-side request forgery, CORS ...
portswigger.net
https://portswigger.net › web-security › llm-attacks
Web LLM attacks | Web Security Academy - PortSwigger
At a high level, attacking an LLM integration is often similar to exploiting a server-side request forgery (SSRF) vulnerability. In both cases, an attacker is abusing a server-side system to launch attacks on …

Pagination
- 1
- 2
- 3
- Next