As part of a penetration test, you are evaluating a dashboard that lets employees paste any URL into a form to generate a live preview. The application sends the URL to the server, which fetches the content and returns it to the user's browser. You want to prove that this functionality can be abused to reach non-public resources inside the corporate network. Which action would provide the clearest evidence that the preview feature can actually contact an internal service?
Provide a URL that targets an internal-only endpoint (for example, http://127.0.0.1:8080/admin) and verify that the application returns the protected content
Measure how long the server takes to respond to extremely slow external sites and infer back-end behavior from any delay
Capture response headers during a normal login request and look for internal hostnames or odd header values
Run a dictionary attack against subdomains of the public site to discover names that are not listed in public DNS
Successfully retrieving output from a resource that should be unreachable to external users conclusively demonstrates an SSRF condition, because the vulnerable server acted as a proxy to the internal address. Header anomalies or response times may hint at misconfigurations but do not prove that a forbidden host was contacted. Brute-forcing hostnames enumerates potential targets rather than confirming that a private service was actually reached.