SSRF (Server-Side Request Forgery): This attack tricks a server into making unintended HTTP requests, often targeting internal services or cloud metadata APIs, bypassing network segmentation.
Consider an application with a profile image upload feature that accepts URLs. An attacker provides the following URL:
http://169.254.169.254/latest/meta-data/iam/security-credentials/
NOTE: the AWS EC2 Instance Metadata Service (IMDS) always lives at this same link-local address, and it is reachable only from within the instance itself (hence SSRF is what lets an outsider reach it). The IMDS provides metadata about the instance, such as the instance ID, AMI ID, and IAM role credentials.
The application fetches the content from this URL, expecting image data. Instead, it receives JSON data containing IAM role credentials. If the application displays this data in an error message or logs it without proper security measures, the attacker can access these credentials and use them to interact with AWS services.
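As an added illustration (not part of the original text), here is the defender-side check an upload handler could run before fetching a user-supplied image URL. The function names and the assumed policy (only public http/https hosts are valid image sources) are hypothetical; the sample hostnames and addresses in the demo are constructed.

```python
"""SSRF guard for a URL-based image fetch (added example; names are hypothetical)."""
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only web URLs are valid image sources


def default_resolver(host: str) -> list[str]:
    """Resolve a hostname to all of its A/AAAA addresses (IP literals pass through)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_public_address(ip_text: str) -> bool:
    """True only for globally routable addresses.

    Link-local (the 169.254.169.254 IMDS address), loopback, RFC 1918,
    IPv6 ULA (e.g. fd00:ec2::254) and IPv4-mapped IPv6 forms of those
    are all rejected, so encoding tricks don't slip past the check.
    """
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:169.254.169.254 -> 169.254.169.254
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_image_url(url: str, resolver=default_resolver) -> tuple[bool, str]:
    """Return (allowed, reason) for a user-supplied image URL.

    Every address the host resolves to must be public; a name with one
    public and one internal record would otherwise get through.
    """
    parts = urlparse(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        addresses = resolver(host)
        for addr in addresses:
            if not is_public_address(addr):
                return False, f"{host!r} resolves to non-public address {addr}"
    except (socket.gaierror, ValueError) as exc:
        return False, f"unresolvable host {host!r}: {exc}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed DNS table so the demo runs offline; unknown names pass through as literals.
    table = {
        "cdn.example.com": ["93.184.216.34"],
        "dual.example.com": ["93.184.216.34", "10.0.0.5"],
    }
    demo_resolver = lambda h: table.get(h, [h])
    for candidate in [
        "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
        "http://[::ffff:169.254.169.254]/latest/meta-data/",
        "http://[fd00:ec2::254]/latest/meta-data/",
        "http://127.0.0.1:8080/admin",
        "file:///etc/passwd",
        "https://dual.example.com/avatar.png",
        "https://cdn.example.com/avatar.png",
    ]:
        print(candidate, "->", validate_image_url(candidate, demo_resolver))
```

Two caveats for using a check like this in a real fetcher: validate again on every redirect (or disable redirects), and connect to the address you validated rather than re-resolving the name, since a second lookup can return a different, internal address. On AWS, enabling IMDSv2 adds a separate layer of defense, because credentials can then only be read with a session token obtained via a PUT request, which a simple GET-based SSRF cannot produce.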
SQL Injection: Inserts malicious SQL code into database queries, compromising data integrity. Targets databases rather than internal cloud resources or network segmentation.
XSS (Cross-Site Scripting): Injects malicious scripts into web pages, executed in the user's browser. Focuses on client-side attacks, not internal cloud resources.
CSRF (Cross-Site Request Forgery): Tricks users into performing unintended actions (e.g., submitting forms) on a trusted website.