S. S. R. F.

In a Server-Side Request Forgery (SSRF) attack, the attacker abuses functionality on the server to read or update internal resources. The attacker supplies or modifies a URL that the code running on the server will read from or submit data to; by carefully choosing that URL, the attacker may be able to read server configuration such as AWS instance metadata, connect to internal services such as HTTP-enabled databases, or issue POST requests to internal services that were never intended to be exposed.
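
As an added example (not code from this page or from any of the plugins listed below), a defender-side check in Python that a server can run on a user-supplied URL before fetching it: it allows only http/https on standard ports, resolves the host, and refuses loopback, private, link-local (which covers the 169.254.169.254 metadata address) and IPv4-mapped IPv6 targets. The function name `check_outbound_url`, the scheme/port allowlists and the constructed `demo_resolve` DNS table are assumptions for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}   # assumed policy: no gopher:, file:, dict: etc.
ALLOWED_PORTS = {80, 443}             # assumed policy: blocks e.g. 6379 (Redis), 9200

def _is_internal(addr):
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.5) so the IPv4 checks apply.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    # is_link_local also covers the 169.254.169.254 cloud metadata endpoint.
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)

def _system_resolve(host):
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def demo_resolve(host):
    # Constructed DNS table so the example runs offline; not real data.
    table = {"localhost": ["127.0.0.1"], "example.com": ["93.184.216.34"],
             "intranet.corp": ["10.0.0.5"]}
    return table[host]                         # KeyError for unknown hosts

def check_outbound_url(url, resolve=_system_resolve):
    """Return (allowed, reason). Run before the fetch and again on every redirect
    target, then connect to the vetted IP rather than re-resolving the name."""
    try:
        parts = urlsplit(url)
        port = parts.port                      # raises ValueError on junk ports
    except ValueError as exc:
        return False, "unparseable URL: %s" % exc
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme
    host = parts.hostname                      # lowercased, brackets and userinfo stripped
    if not host:
        return False, "missing host"
    port = port or (443 if scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        return False, "port not allowed: %d" % port
    try:
        addrs = [str(ipaddress.ip_address(host))]   # IP literal: no lookup needed
    except ValueError:
        try:
            addrs = resolve(host)
        except (OSError, LookupError) as exc:
            return False, "DNS failure: %s" % exc
    for a in addrs:                            # every A/AAAA answer must be external
        if _is_internal(ipaddress.ip_address(a)):
            return False, "%s resolves to internal address %s" % (host, a)
    return True, "ok"
```

Pass `resolve=demo_resolve` to exercise the check offline; in production the default system resolver is used.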

This attack was rediscovered as X.S.P.A. (Cross Site Port Attack) by Riyaz Walikar.

References:

  1. https://owasp.org/www-community/attacks/Server_Side_Request_Forgery
  2. https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html
  3. https://ibreak.software/2012/11/cross-site-port-attacks-xspa-part-1/
  4. https://cwe.mitre.org/data/definitions/918.html

List of S.S.R.F. Flaws

| Status | Component | Name | Version | Disclosed By | Disclosure Date | Access Level | CVE-Number |
|---|---|---|---|---|---|---|---|
| | wp-plugin | rsvpmaker | 8.6.4 | Shreya Pohekar | 2021/06/29 | Administrator | CVE-2021-24371 |
| | wp-plugin | all-in-one-social-lite | 1 | Prajalkulkarni | 2014/05/28 | Unauthenticated | Not Assigned |
| | wp-plugin | flog | 1.0beta3 | Prajalkulkarni | 2014/05/28 | Unauthenticated | Not Assigned |
| | wp-plugin | jrss-widget | 1.2 | Prajalkulkarni | 2014/05/28 | Unauthenticated | Not Assigned |