{"id":49523,"date":"2016-05-12T10:54:25","date_gmt":"2016-05-12T17:54:25","guid":{"rendered":"https:\/\/blogs.mcafee.com\/?p=49523"},"modified":"2024-02-19T22:13:10","modified_gmt":"2024-02-20T06:13:10","slug":"server-side-request-forgery-takes-advantage-vulnerable-app-servers","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/server-side-request-forgery-takes-advantage-vulnerable-app-servers\/","title":{"rendered":"Server-Side Request Forgery Takes Advantage of Vulnerable App Servers"},"content":{"rendered":"<p><em>This blog was written by Kunal Garg.<\/em><\/p>\n<p>Server-side request forgery is an attack in which an attacker can force a vulnerable server to trigger malicious requests to third-party servers and\/or to internal resources. This vulnerability can then be leveraged to launch specific attacks such as a cross-site port attack, service enumeration, and various other attacks.<\/p>\n<p>This ability makes server-side request forgery potentially dangerous because a vulnerable server can be leveraged as a proxy and can attack other public resources and local infrastructure.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-49677 size-full\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/20160506-SSRF-1-1.png\" alt=\"20160506 SSRF 1\" width=\"748\" height=\"615\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/20160506-SSRF-1-1.png 748w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/20160506-SSRF-1-1-300x247.png 300w\" sizes=\"auto, (max-width: 748px) 100vw, 748px\" \/><\/p>\n<p>Some common vulnerabilities related to server-side request forgery:<\/p>\n<ul>\n<li>URL redirection<\/li>\n<li>Remote file inclusion<\/li>\n<li>SQL injection<\/li>\n<li>Frame injection<\/li>\n<li>Link injection<\/li>\n<li>XML external entity<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>What can an attacker do using this vulnerability? 
<\/strong><\/p>\n<p>An attacker who has identified this vulnerability can leverage it for further attacks, including:<\/p>\n<ul>\n<li>Port-scan internal hosts on the intranet protected by the firewall.<\/li>\n<li>Attack internal applications.<\/li>\n<li>Access local web server files using the file handler \u201cfile:\/\/\/c:\/windows\/system32\/.\u201d<\/li>\n<li>Enumerate services.<\/li>\n<\/ul>\n<p>Attackers can use other options such as <a href=\"mailto:\/\/\">mailto:\/\/<\/a>, gopher:\/\/, etc., but these depend on how the request is handled by the server and the parser.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Port scanning <\/strong><\/p>\n<p>Server-side request forgery can be used for port scanning.<\/p>\n<p>Scanning local interface:<\/p>\n<p>GET \/Vulnerablepage.php?VulnParameter=http:\/\/127.0.0.1:80<\/p>\n<p>GET \/Vulnerablepage.php?VulnParameter=http:\/\/127.0.0.1:443<\/p>\n<p>GET \/Vulnerablepage.php?VulnParameter=http:\/\/127.0.0.1:21<\/p>\n<p>Based upon the difference in responses, attackers can infer open and closed ports. Similarly, one can scan other resources.<\/p>\n<p>This process can also be automated with Burp\u2019s Intruder feature by setting the payload position as:<\/p>\n<p>GET \/Vulnerablepage.php?VulnParameter=http:\/\/127.0.0.1:\u00a7\u00a7 HTTP\/1.1<\/p>\n<p>Next, set the \u201cpayload set\u201d as \u201cnumbers,\u201d \u201cports\u201d from \u201c0-65535,\u201d and start the attack. Remember to uncheck payload encoding.<\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<p><strong>Testing server-side request forgery<\/strong><\/p>\n<p>Normally any input field that accepts a URL is an ideal candidate for this attack. However, we have seen that applications with random parameters from which nothing can be inferred were also vulnerable to this attack. 
Thus it is always a good practice to check for this vulnerability on suspicious parameters because we do not know how the parameters are handled by the server.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-49679 size-full\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/20160506-SSRF-2-1.png\" alt=\"20160506 SSRF 2\" width=\"711\" height=\"484\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/20160506-SSRF-2-1.png 711w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/20160506-SSRF-2-1-300x204.png 300w\" sizes=\"auto, (max-width: 711px) 100vw, 711px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Creating a proof of concept<\/strong><\/p>\n<p>The following steps will help a penetration tester develop a proof of concept.<\/p>\n<ul>\n<li>Identify a potential input field in the application to test this vulnerability.<\/li>\n<li>Start Netcat on a server (with server name \u201cservertest,\u201d for example) with the following command\n<ul>\n<li>(nc -l -v port no)<\/li>\n<\/ul>\n<\/li>\n<li>Once the server is running, enter the following payload in the vulnerable input http:\/\/servertest:portno\/testSSRF\n<ul>\n<li>Use a unique directory such as \/testSSRF to ensure that the request is triggered from our vulnerable server.<\/li>\n<\/ul>\n<\/li>\n<li>If the server is vulnerable, it will establish the connection and the Netcat listener will display the details about the connection as shown in the following screen capture.<\/li>\n<\/ul>\n<p><strong><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-49678 size-full\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/20160506-SSRF-3-1.png\" alt=\"20160506 SSRF 3\" width=\"1085\" height=\"710\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/20160506-SSRF-3-1.png 1085w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/20160506-SSRF-3-1-300x196.png 300w, 
https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/20160506-SSRF-3-1-768x503.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/20160506-SSRF-3-1-1024x670.png 1024w\" sizes=\"auto, (max-width: 1085px) 100vw, 1085px\" \/>\u00a0<\/strong><\/p>\n<p><strong>Tools<\/strong><\/p>\n<p>Burp\u2019s collaborator feature comes in very handy when testing this vulnerability. It can help initially identify this issue, which can then be manually verified by the preceding technique.<\/p>\n<p>The collaborator sends payloads to the affected application that are crafted to initiate connections with the collaborator server. Burp then continuously monitors the collaborator server to check whether any request has initiated a connection.<\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<p><strong>Recommendations <\/strong><\/p>\n<ul>\n<li>Do not trust user data, and perform data validation.<\/li>\n<li>Harden application servers, and ensure that unnecessary ports and services are not open and running.<\/li>\n<li>Implement a whitelist policy for allowed hosts and services.<\/li>\n<\/ul>\n<p><strong>\u00a0<\/strong><\/p>\n<p><strong>References<\/strong><\/p>\n<p><a href=\"https:\/\/portswigger.net\/burp\/help\/collaborator.html\">https:\/\/portswigger.net\/burp\/help\/collaborator.html<\/a><\/p>\n<p>http:\/\/www.riyazwalikar.com\/2012\/11\/cross-site-port-attacks-xspa-part-1.html<\/p>\n<p><a href=\"https:\/\/docs.google.com\/document\/d\/1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa3u9akHM\/edit\">https:\/\/docs.google.com\/document\/d\/1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa3u9akHM\/edit#<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This blog was written by Kunal Garg. 
Server-side request forgery is an attack in which an attacker can force a&#8230;<\/p>\n","protected":false},"author":695,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[1814,4452,18,1697],"coauthors":[4136],"class_list":["post-49523","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-computer-security","tag-cybersecurity","tag-network-security","tag-security-management"],"acf":[]}