SSRF

Basic SSRF

VIP | 3 Points

Overview

Basic SSRF focuses on a web application feature that causes the server to make a request based on user-controlled input.

The key SSRF risk is the difference between a browser request and a backend request: the server may reach internal services, network locations, or trust zones that users cannot access directly.

Security Impact

SSRF can expose internal services, cloud metadata endpoints, administrative panels, or network-only resources. The impact may include data exposure, service abuse, internal reconnaissance, or further compromise of backend infrastructure.

Vulnerability Scope

URL preview tools, webhook testers, import features, PDF generators, image fetchers, and integrations are exposed when backend workflows retrieve user-supplied URLs.

Lab Focus

The lab focuses on server-side fetch behavior, network trust boundaries, and why URL allowlists, protocol restrictions, and outbound request controls matter.