CompTIA CySA+ CS0-003 Practice Question

The correct answer is 'An attacker induces the server to make a request to an internal resource, which should not be accessible.' This depicts a classic SSRF attack, where the attacker is able to cause the server to perform an action on their behalf, often accessing internal resources that the attacker normally couldn't reach. SSRF exploits the trust that a server has in itself to erroneously execute internal interactions. The incorrect options do not describe SSRF vulnerabilities; a cross-site scripting (XSS) attack involves executing scripts in a victim's web browser rather than internal server requests. Buffer overflows are related to memory safety vulnerabilities, not SSRF. A SQL injection attack involves inserting malicious SQL queries via input fields, not manipulating server requests.