Exam 312-50v12 topic 1 question 78 discussion

B. Server-side request forgery (SSRF) attack

B. Server-side request forgery (SSRF) attack

The correct option is B. SSRF

B. Server-side request forgery (SSRF) attack Like : 312-50v11 Q11 Book CEH V12 : Module14 P1948 SSRF vulnerabilities evolve in the following manner. Generally, server-side requests are initiated to obtain information from an external resource and feed it into an application. For instance, a designer can utilize a URL such as https://xyz.com/feed.php?url=externalsite.com/feed/to to obtain a remote feed. If attackers can alter the URL input to the localhost, then they can view all the local resources on the server.

B. Server-side request forgery (SSRF) attack Explanation: In the given scenario, Jason performed a Server-side request forgery (SSRF) attack to gain access to backend servers that were protected by a firewall. In an SSRF attack, the attacker sends a request to a web server with a manipulated URL input that points to an external system controlled by the attacker. The web server processes the request, and the attacker can use this to access resources on the server that are not intended to be accessible. In this case, the attacker used the URL input to obtain a remote feed and then manipulated the input to point to the local host, which allowed the attacker to view all local resources on the target server. By exploiting this vulnerability, the attacker could potentially gain access to sensitive information or even take control of the server.