Lesson 7: SSRF & IDOR — Broken server-side logic
Not all web vulnerabilities involve code injection. SSRF and IDOR are logic vulnerabilities — the attacker doesn't need to inject JavaScript or SQL; they simply use the application's legitimate functions, but redirect them to unintended targets. SSRF (Server-Side Request Forgery) forces the server t
SSRF is like asking your delivery person to pick up a package from your bank instead of the store. IDOR is like changing the receipt number and receiving someone else's bill.
- SSRF (Server-Side Request Forgery): A vulnerability where an attacker forces the server to make a request to a URL of the attacker's choosing — including internal services not accessible from the internet.
- IDOR (Insecure Direct Object Reference): A vulnerability where an application allows access to a resource based on a user-supplied identifier, without verifying that the user owns that resource.
- Internal Metadata Service: An internal service at cloud providers (like 169.254.169.254 in AWS) that provides sensitive machine information, including credentials. Accessible only from the machine itself — exploitable via SSRF.
- Access Control: A mechanism that ensures a user can access only resources they are authorized to see — preventing IDOR requires ownership checks on every request.
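As an added example (not code from the original lesson), here is a minimal Python sketch of the two checks the definitions above call for: an ownership-scoped lookup that closes the IDOR, and an allow-list guard on a "fetch this URL" feature that refuses internal targets such as the metadata address. The invoice records and the allow-listed host are constructed sample values.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample data: invoices keyed by id, each owned by exactly one user.
INVOICES = {
    1001: {"owner": "alice", "total": "42.00"},
    1002: {"owner": "bob", "total": "99.50"},
}


def get_invoice_insecure(user, invoice_id):
    # IDOR: the id from the request is used directly; ownership is never checked,
    # so any authenticated user can read any invoice by changing the number.
    return INVOICES.get(invoice_id)


def get_invoice(user, invoice_id):
    # Hardened: every lookup is scoped to the requesting user.
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice["owner"] != user:
        return None  # answer "not yours" exactly like "not found"
    return invoice


# Constructed allow-list: the only hosts the URL-fetch feature may contact.
ALLOWED_HOSTS = {"images.example.com"}


def is_allowed_fetch_url(url):
    """SSRF guard: http(s) only, allow-listed host only, no internal addresses."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return False  # rejects file://, gopher://, and malformed URLs
    host = parsed.hostname  # userinfo and port are already stripped here
    if host not in ALLOWED_HOSTS:
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A hostname: it still has to be resolved and the resolved address
        # re-checked with is_global at connection time (DNS rebinding); out of scope here.
        return True
    # IP literal on the allow-list: link-local (169.254.x.x), loopback and
    # private ranges are never global, so the metadata service stays unreachable.
    return ip.is_global


if __name__ == "__main__":
    print(get_invoice_insecure("alice", 1002))  # bob's invoice leaks
    print(get_invoice("alice", 1002))           # None
    print(is_allowed_fetch_url("http://169.254.169.254/latest/meta-data/"))  # False
```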