Server-side request forgery (or SSRF) vulnerabilities can lead to total system compromise and allow access to an organization’s internal or cloud infrastructure if exploited. Today, they are among the top ten highest-paid vulnerabilities on HackerOne, earning hackers over $100,000 in any given month. In April of this year, 196 SSRF vulnerabilities were found in HackerOne customer programs, 28% more than in March.
What is an SSRF?
SSRF is a web security vulnerability in which an attacker supplies a URL that the server-side application then fetches on their behalf, allowing modification, extraction, or publication of data that the attacker could not reach directly. They are most common in features that fetch an asset from a user-supplied external resource, such as webhooks, integrations, and PDF generators.
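The following is an added example, not code from the original post or from HackerOne: a minimal "fetch a user-supplied URL" helper of the kind found in webhook and PDF-generator features, shown in its SSRF-prone form beside a hardened version that validates the destination before the server issues the request. The function names, the injectable `resolver` and `http_get` parameters, and the sample hostnames and addresses are all assumptions constructed for the example.

```python
"""SSRF: the unsafe fetch pattern beside a hardened one (added example, not the post's code)."""
import ipaddress
import socket
from urllib.parse import urlparse


def fetch_unsafe(url, http_get):
    """The pattern behind most SSRF bugs: fetch whatever URL the caller handed us."""
    return http_get(url)  # no scheme, host, or address checks at all


# Address ranges the server must never be talked into contacting on a user's behalf:
# loopback, RFC 1918, link-local (including cloud metadata at 169.254.169.254),
# carrier-grade NAT, and their IPv6 equivalents.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "0.0.0.0/8", "100.64.0.0/10",
    "::1/128", "fc00::/7", "fe80::/10",
)]


def is_blocked_ip(ip_text):
    """True if the literal address is non-public or in an explicitly blocked range."""
    addr = ipaddress.ip_address(ip_text)
    # Edge case: an IPv4-mapped IPv6 literal such as ::ffff:127.0.0.1 must be judged
    # as the IPv4 address it wraps, or loopback slips through the IPv6 checks.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if not addr.is_global:
        return True
    return any(addr in net for net in BLOCKED_NETWORKS)


def default_resolver(host):
    """Resolve a hostname to the set of addresses the HTTP client would connect to."""
    # Scope suffixes like "fe80::1%eth0" are stripped so ip_address() can parse them.
    return {info[4][0].split("%")[0] for info in socket.getaddrinfo(host, None)}


def validate_outbound_url(url, resolver=default_resolver):
    """Return (ok, reason). `resolver` is injectable so the check can run offline in tests."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL"
    if parts.port not in (None, 80, 443):
        return False, "port not allowed"
    try:
        addresses = resolver(parts.hostname)
    except OSError:
        return False, "dns failure"
    if not addresses:
        return False, "no address"
    # Every address the name resolves to must be public, not just the first one.
    for ip_text in addresses:
        if is_blocked_ip(ip_text):
            return False, f"resolves to blocked address {ip_text}"
    return True, "ok"


def fetch_hardened(url, http_get, resolver=default_resolver):
    """Fetch only after the destination passes validation; `http_get` must not follow
    redirects on its own, since each redirect target needs the same check."""
    ok, reason = validate_outbound_url(url, resolver)
    if not ok:
        raise ValueError(f"refusing outbound request: {reason}")
    return http_get(url)


if __name__ == "__main__":
    # Constructed inputs: a public hostname and an internal one, with a fake resolver
    # and a fake HTTP client so nothing on the network is touched.
    fake_dns = {"example.test": {"93.184.216.34"}, "internal.test": {"10.0.0.5"}}
    resolver = lambda host: fake_dns.get(host, {host})
    http_get = lambda u: f"<fetched {u}>"
    for candidate in ("https://example.test/report.pdf",
                      "http://internal.test/admin",
                      "http://169.254.169.254/latest/meta-data/",
                      "http://[::ffff:127.0.0.1]/",
                      "file:///etc/passwd"):
        print(candidate, "->", validate_outbound_url(candidate, resolver))
    print(fetch_hardened("https://example.test/report.pdf", http_get, resolver))
```

Two caveats a practitioner should keep in mind: the check resolves the name once, so a client that resolves it again at connect time is exposed to DNS rebinding unless it pins the validated address; and the validation covers only the URL the user supplied, so the HTTP client must either refuse redirects or re-run `validate_outbound_url` on every redirect target.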