Routing-based SSRF


Classic Server-Side Request Forgery (SSRF) vulnerabilities usually stem from XXE or from exploitable business logic that sends HTTP requests to URLs derived from user-controlled input. Routing-based SSRF instead relies on the intermediate components that are common in many cloud-based architectures, such as internal load balancers and reverse proxies.

These components receive requests and forward them to the appropriate backend. If they are not securely configured and forward requests without verifying the Host header, they can be manipulated into routing requests to any system the attacker chooses.

These systems are attractive targets because they usually sit in a privileged network position: they accept requests directly from the public network and can reach many internal networks. This makes the Host header a powerful carrier for SSRF attacks, and it can turn a simple load balancer into a gateway to the whole internal network. Burp Collaborator can be used to help identify routing-based SSRF vulnerabilities.
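The following is an added example, not code from the original page: a minimal Python model of how a reverse proxy picks a backend from the Host header. It shows the weak behaviour (Host copied straight into the upstream URL) next to a hardened lookup against an explicit virtual-host allowlist, plus a small detection helper that flags access-log entries whose Host is not a configured vhost. The hostnames, backends and log lines are constructed for the example.

```python
# Added example: weak vs. hardened Host-header routing in a reverse proxy,
# plus detection over constructed access-log lines. Not the page's own code.
from urllib.parse import urlsplit

# Constructed sample: the proxy's configured virtual hosts and their backends.
VHOSTS = {
    "www.example.test": "http://app-frontend:8080",
    "api.example.test": "http://app-api:8080",
}

def route_unchecked(host_header: str) -> str:
    """Weak behaviour: the Host value is used as-is to build the upstream URL,
    so whoever controls Host controls where the proxy connects."""
    return f"http://{host_header}/"

def route_checked(host_header: str):
    """Hardened behaviour: normalise the Host value (case, optional port),
    require it to be a configured vhost, and answer 421 Misdirected Request
    for anything else instead of forwarding it."""
    hostname = urlsplit("//" + host_header.strip().lower()).hostname
    if not hostname or hostname not in VHOSTS:
        return (421, None)
    return (200, VHOSTS[hostname])

def suspicious_hosts(log_lines, allowed=VHOSTS):
    """Detection helper: return log entries whose host= field is not an
    allowed vhost. Repeated hits from one client suggest Host-header probing."""
    flagged = []
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        hostname = urlsplit("//" + fields.get("host", "").lower()).hostname
        if hostname not in allowed:
            flagged.append(line)
    return flagged

# Constructed access-log sample in key=value form.
SAMPLE_LOG = [
    "2024-01-01T00:00:00Z client=198.51.100.7 method=GET host=www.example.test path=/ status=200",
    "2024-01-01T00:00:01Z client=198.51.100.7 method=GET host=10.0.0.5 path=/ status=421",
    "2024-01-01T00:00:02Z client=198.51.100.7 method=GET host=API.example.test:443 path=/v1 status=200",
    "2024-01-01T00:00:03Z client=198.51.100.7 method=GET host=metadata.internal path=/ status=421",
]

if __name__ == "__main__":
    print(route_checked("10.0.0.5"))          # (421, None)
    for entry in suspicious_hosts(SAMPLE_LOG):
        print("flagged:", entry)
```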

See also: Server-Side Request Forgery (SSRF)
