What is SSRF?

Server-side request forgery (SSRF) is a vulnerability that lets a malicious hacker send a request from the back end of the software to another server or to a local service. The server or service that receives that request believes that the request came from the application and is legitimate.

<?php
if (isset($_GET['url'])) {
$url = $_GET['url'];
$image = fopen($url, 'rb');
header("Content-Type: image/png");
fpassthru($image);
}
?>

GET /?url=http://localhost/server-status HTTP/1.1
GET /?url=file:///etc/passwd HTTP/1.1
GET /?url=dict://localhost:11211/stat HTTP/1.1

Andrew's Blog

What is SSRF?