Server Side Request Forgery (SSRF) is simply an attack where the server will make a request (act like a proxy) for the attacker either to a local or to a remote source and then return a response containing the data resulting from the request.
We can say that the concept of SSRF is the same as using a proxy or VPN where the user will make a request to a certain resource, then the proxy or VPN Server will make a request to that resource, then return the results to the user who made the request.
From SSRF, various things can be done, such as:
Local/Remote Port ScanLocal File Read (using file://)Interact with internal apps/service/networkRCE by chaining services on the internal networkRead Metadata Cloud (AWS, Azure, Google Cloud, Digital Ocean, etc)Reflected XSS/CSRFLab Setup
For the use of the lab in this blog post, only use the simple script below (of course maybe the application in Real World is not as simple as this) and will be deployed on Digital Ocean.
$url = $_GET['url'];$curl = curl_init();
Read the article