Server-Side Request Forgery (SSRF) occurs when a web application fetches a remote resource based on user-controlled input, but fails to properly validate or restrict where those requests are sent. This allows an attacker to trick the server into making unauthorized connections to internal systems or external domains.

SSRF flaws are dangerous because they let attackers bypass firewalls and access sensitive internal infrastructure that should be unreachable from the outside. A common scenario involves an application that takes a URL parameter for fetching an image or importing data, but an attacker manipulates it to target internal admin panels, cloud metadata services, or other backend systems. This can lead to information disclosure, internal service enumeration, or even remote code execution if the server processes the malicious response.

Preventing SSRF requires a defense-in-depth approach: implement allowlists for permitted domains and protocols, validate and sanitize all user input used in network requests, and avoid using raw URLs to fetch resources. Network-level controls like segregating internal services and enforcing outbound firewall rules are also critical.

While SAST and DAST tools can detect the vulnerable pattern, Plexicus uses AI to analyze the specific context and suggest the precise code fix—such as implementing a secure URL validator—saving significant manual remediation time across your application portfolio.
Impact: Read Application Data
Impact: Execute Unauthorized Code or Commands
Impact: Bypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts in internal networks, to use URL schemes that can access documents on the system (such as file://), or to use other protocols such as gopher:// or tftp://, which may provide greater control over the contents of requests.
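One way to implement the secure URL validator and the scheme/host allowlist recommended above, covering both the remediation advice and the file://, gopher:// and tftp:// cases just described. This is an added Python example, not Plexicus's or the page's own code; the hostnames, the allowlist policy and the injectable resolver are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Illustrative policy (assumed for this example, not taken from the page):
# only TLS fetches from these hostnames on the default port are permitted.
ALLOWED_SCHEMES = {"https"}
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com"}
ALLOWED_PORTS = {None, 443}

def default_resolver(host):
    """Return every address the host resolves to (A and AAAA records)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_public_address(ip_str):
    """False for loopback, RFC 1918, link-local, multicast, reserved or unspecified."""
    ip = ipaddress.ip_address(ip_str)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def validate_url(url, resolver=default_resolver):
    """Return (ok, reason) for a user-supplied fetch URL.
    Layered checks: scheme allowlist (rejects file://, gopher://, tftp://), no
    embedded credentials, host and port allowlists, then a DNS check rejecting any
    hostname that maps to a non-public address. The resolver is injectable so the
    policy can be tested offline; connect to the returned addresses, not a fresh lookup."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        return False, f"malformed URL: {exc}"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL not allowed"
    host = (parts.hostname or "").rstrip(".")
    if host not in ALLOWED_HOSTS:
        return False, f"host not allowlisted: {host!r}"
    if port not in ALLOWED_PORTS:
        return False, f"port not allowed: {port}"
    try:
        addresses = resolver(host)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return False, f"DNS failure for {host}: {exc}"
    if not addresses:
        return False, f"{host} did not resolve"
    for addr in addresses:
        if not is_public_address(addr):
            return False, f"{host} resolves to non-public address {addr}"
    return True, "ok"
```

The validator must be re-run on every redirect target, and the fetch should connect to the addresses it returned rather than resolving again, so that a changed DNS answer cannot undo the check.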