SSRF (Server-Side Request Forgery)

SSRF is a web security [vulnerability] where an attacker forces a vulnerable server to make unintended requests to internal resources such as databases.

By manipulating user-supplied input that a back-end application uses to construct requests, an attacker can bypass firewalls and coerce the server into sending requests to internal services that are not directly accessible from the outside world. This can lead to unauthorized access to sensitive data, internal systems, and potentially allow further exploitation of the network.