nerdexam
EC-Council

312-50V11 · Question #925

Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this

The correct answer is B. Server-side request forgery (SSRF) attack. Server-side request forgery (also called SSRF) is a net security vulnerability that allows an assaulter to induce the server-side application to make http requests to associate arbitrary domain of the attacker's choosing. In typical SSRF examples, the attacker might cause the ser

Hacking Web Applications

Question

Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/feed.php?url:externaIsile.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server. What is the type of attack Jason performed In the above scenario?

Options

  • Awebsite defacement
  • BServer-side request forgery (SSRF) attack
  • CWeb server misconfiguration
  • Dweb cache poisoning attack

How the community answered

(31 responses)
  • A
    3% (1)
  • B
    74% (23)
  • C
    6% (2)
  • D
    16% (5)

Explanation

Server-side request forgery (also called SSRF) is a net security vulnerability that allows an assaulter to induce the server-side application to make http requests to associate arbitrary domain of the attacker's choosing. In typical SSRF examples, the attacker might cause the server to make a connection back to itself, or to other web-based services among the organization's infrastructure, or to external third- Another type of trust relationship that often arises with server-side request forgery is where the application server is able to interact with different back-end systems that aren't directly reachable by users. These systems typically have non-routable private informatics addresses. Since the back-end systems normally ordinarily protected by the topology, they typically have a weaker security posture. In several cases, internal back-end systems contain sensitive functionality that may be accessed while not authentication by anyone who is able to act with the systems. In the preceding example, suppose there's an body interface at the back-end url https://192.168.0.68/admin. Here, an attacker will exploit the SSRF vulnerability to access the executive interface by submitting the following request: POST /product/stock HTTP/1.0 Content-Type: application/x-www-form-urlencoded Content-Length: 118

Topics

#SSRF#server-side request forgery#URL manipulation#web application attack

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice