What is Server-Side Request Forgery (SSRF)?

Server-Side Request Forgery (SSRF) is an attack in which an attacker abuses the server's functionality to access or modify resources, information or data. The attacker specifically targets an application that supports importing data from URLs or allows data to be read from URLs. The attacker can manipulate URLs, either by replacing parameter values with new ones or by tampering with the current URL through path traversal.

Typically, attackers supply a URL (or modify an existing one), and the code running on the server reads data from or submits data to that URL. Attackers can leverage URLs to gain access to internal data and services that were not meant to be exposed, including HTTP-enabled databases and server configuration data.

Once an attacker submits the tampered request, the server receives it and attempts to act on the provided URL, even for services that are not exposed on the public internet.