SSRF’s up! Real World Server-Side Request Forgery (SSRF)

Server Side Request Forgery

n this blog post we’re going to explain what an SSRF attack is, how to test for it, and some basic guidelines on how to fix it. We will be using a real-world example, exploiting a vulnerability we discovered in a commercial Business Intelligence product called Dundas BI.