28 lines
1.1 KiB
Plaintext
28 lines
1.1 KiB
Plaintext
=== What is the potential impact?
|
|
|
|
The impact of SSRF vulnerabilities can vary greatly depending on the context in
|
|
which the user input is used.
|
|
|
|
==== API Traversal
|
|
|
|
In a path traversal SSRF attack, the attacker can manipulate the path of the
|
|
server-side request to traverse through different endpoints of an API. This can
|
|
lead to several potential impacts:
|
|
|
|
===== Unauthorized access to API endpoints
|
|
|
|
By manipulating the path of the server-side request, an attacker can potentially
|
|
access API endpoints that are not intended to be publicly accessible. This could
|
|
include endpoints that provide access to sensitive data or functionality.
|
|
Unauthorized access to these endpoints could lead to data breaches or
|
|
unauthorized actions being performed on the server.
|
|
|
|
===== Manipulation of API responses
|
|
|
|
If an attacker can manipulate the path of a server-side request to traverse to
|
|
different API endpoints, they could potentially influence the responses that the
|
|
server sends back. This could lead to incorrect or misleading data being
|
|
returned, which could have a variety of impacts depending on the nature of the
|
|
application and the data involved.
|
|
|