SSRF

Difficulty: easy | Duration: 25 min | Platform: tryhackme

Learn about Server-Side Request Forgery (SSRF) — what it is, regular vs blind SSRF, how to find SSRF vulnerabilities, and how to bypass common defenses (deny lists, allow lists, open redirects). Practical exercise exploiting an SSRF via an avatar upload feature, bypassing a deny list with directory traversal to read a restricted /private endpoint.

Skills You Will Learn

ssrf, server-side-request-forgery, directory-traversal, deny-list-bypass, base64

Prerequisites

Walkthrough Phases

1. Understanding SSRF: Learn what SSRF is and its impact

2. Finding SSRF Vulnerabilities: Learn where to look for SSRF in web applications

3. Defeating SSRF Defenses: Learn common SSRF protections and how to bypass them

4. SSRF Practical: Exploit an SSRF vulnerability to read a restricted endpoint

9 questions to answer

alienrecon start thm-ssrfqi