Server-Side Request Forgery (SSRF) is a vulnerability where an attacker tricks a server into making HTTP requests on their behalf. In a cloud environment, SSRF frequently escalates from “interesting” to “full account compromise” via metadata service abuse.
The core vulnerability
An application takes a URL parameter, fetches it, and returns the response. Classic examples: “Enter the URL of your avatar image” or “Import this RSS feed”. An attacker submits a URL pointing to internal infrastructure, and the server happily fetches it.
# Vulnerable endpoint (abstractly)
GET /api/fetch?url=https://example.com/rss.xml
# Attacker exploits:
GET /api/fetch?url=http://169.254.169.254/latest/meta-data/   # AWS metadata
GET /api/fetch?url=file:///etc/passwd                         # LFI via SSRF
GET /api/fetch?url=http://internal-db:5432/                   # port scan internal
GET /api/fetch?url=http://localhost:6379/set%20hacked         # Redis via HTTP
Cloud metadata services: the juicy target
Each major cloud has an Instance Metadata Service (IMDS) accessible from workloads: