312-50V13 · Question #248
Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this
The correct answer is B. Server-side request forgery (SSRF) attack. Explanation Option B is correct because Jason manipulated the web server into making requests on his behalf by altering the URL parameter to point to localhost, allowing him to access internal resources (backend servers) that would otherwise be blocked by the firewall - this is t
Question
Options
- Awebsite defacement
- BServer-side request forgery (SSRF) attack
- CWeb server misconfiguration
- Dweb cache poisoning attack
How the community answered
(44 responses)- A2% (1)
- B95% (42)
- D2% (1)
Explanation
Explanation
Option B is correct because Jason manipulated the web server into making requests on his behalf by altering the URL parameter to point to localhost, allowing him to access internal resources (backend servers) that would otherwise be blocked by the firewall - this is the textbook definition of Server-Side Request Forgery (SSRF). Option A (website defacement) is wrong because that attack involves visually altering a website's appearance, which Jason never did. Option C (web server misconfiguration) is incorrect because it describes a vulnerability state, not an active attack technique involving URL manipulation. Option D (web cache poisoning) is wrong because that attack involves corrupting cached web content to serve malicious responses to other users, which is unrelated to forging internal server requests.
Memory Tip:
Think of SSRF = "Sneaky Server Request Forwarding" - the attacker tricks the server into making requests to internal/restricted resources on their behalf, essentially using the server as a proxy to bypass firewalls. If you see URL manipulation pointing to localhost or internal IPs, think SSRF.
Topics
Community Discussion
No community discussion yet for this question.