The correct answer is 'An attacker induces the server to make a request to an internal resource, which should not be accessible.' This depicts a classic SSRF attack, where the attacker is able to cause the server to perform an action on their behalf, often accessing internal resources that the attacker normally couldn't reach. SSRF exploits the trust placed in requests that originate from the server itself, so internal interactions are carried out that should never have been executed. The incorrect options do not describe SSRF vulnerabilities. A cross-site scripting (XSS) attack involves executing scripts in a victim's web browser rather than making internal server requests. Buffer overflows are memory safety vulnerabilities, not SSRF. A SQL injection attack involves inserting malicious SQL queries via input fields, not manipulating server requests.