BBLabs News

Bug Bounty

SSRF (Server-Side Request Forgery)

Definition

Vulnerability in which an attacker makes the server issue requests (usually HTTP) to destinations the attacker chooses. Because the request originates from the server, it reaches targets the attacker cannot reach directly: cloud metadata endpoints, internal networks, and services bound to localhost.

Classic pattern: an input that is expected to hold an external URL (webhook URL, image proxy, PDF generator) → the server fetches it without validating the destination → the attacker points it at `http://169.254.169.254/latest/meta-data/iam/security-credentials/` (the AWS instance metadata service) → steals the instance role's temporary credentials → uses them to pivot into the cloud account.

High payout in bug bounty when: the metadata chain works end to end (Capital One, 2019); an IP allowlist can be bypassed (DNS rebinding, open redirects, decimal IP notation such as `2130706433` for 127.0.0.1, IPv4-mapped IPv6 addresses such as `::ffff:127.0.0.1`); or internal admin panels are reachable via localhost.

Defence: a strict destination allowlist (not a blocklist); reject private, loopback and link-local ranges and their IPv6 equivalents (including IPv4-mapped addresses); validate the destination after DNS resolution and connect to the address that was validated; do not follow redirects automatically (each redirect target gets re-validated); require IMDSv2 on AWS; network segmentation so the application tier cannot reach internal services it does not need.
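
Worked example of the defence above, added here and not code from the BBLabs page: an outbound-URL guard for a webhook or image-proxy feature that applies a destination allowlist, validates every resolved address after DNS resolution (unwrapping IPv4-mapped IPv6), and returns a pinned IP for the HTTP client to connect to. The allowlisted hostnames, the `example.com` URLs and the canned resolver answers are hypothetical; the vulnerable pattern it replaces is simply `requests.get(user_supplied_url)`.

```python
"""Outbound-URL guard for a webhook / image-proxy style feature.

Added example (not from the BBLabs page). The allowlist, hostnames and
resolver answers below are hypothetical / constructed for the demo.
"""
import ipaddress
import socket
from typing import Callable, List, Tuple
from urllib.parse import urlsplit

# Hypothetical allowlist: the only destinations this service may call.
ALLOWED_HOSTS = {"hooks.example.com", "cdn.example.com"}
ALLOWED_SCHEMES = {"https"}

Resolver = Callable[[str], List[str]]


class SSRFBlocked(Exception):
    """Raised when a URL must not be fetched."""


def resolve_all(host: str) -> List[str]:
    """Default resolver: every A/AAAA answer (deduplicated), not just the first."""
    answers: List[str] = []
    for info in socket.getaddrinfo(host, None):
        addr = info[4][0]
        if addr not in answers:
            answers.append(addr)
    return answers


def is_forbidden_ip(addr: str) -> bool:
    """True for any address the server must never connect to.

    Unwraps IPv4-mapped IPv6 (::ffff:169.254.169.254) first so the IPv4 rules
    apply, then rejects everything that is not globally routable: loopback,
    RFC 1918, link-local (which covers 169.254.169.254), ULA, multicast."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (not ip.is_global) or ip.is_multicast


def check_outbound_url(url: str, resolver: Resolver = resolve_all) -> Tuple[str, str]:
    """Return (host, pinned_ip) if the URL may be fetched, else raise SSRFBlocked.

    `resolver` is injectable so the check can be exercised without real DNS."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise SSRFBlocked(f"scheme not allowed: {parts.scheme!r}")
    # urlsplit().hostname drops userinfo, port and IPv6 brackets, so
    # https://hooks.example.com@evil.example/ yields "evil.example".
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        raise SSRFBlocked("missing host")
    # Allowlist first: a raw IP in any notation (169.254.169.254, 2130706433,
    # [::1], [::ffff:10.0.0.1]) or an unknown domain is rejected here,
    # before any DNS lookup happens.
    if host not in ALLOWED_HOSTS:
        raise SSRFBlocked(f"destination not on allowlist: {host!r}")
    # Validate AFTER resolution: an allowlisted name can still resolve to an
    # internal address (DNS rebinding, compromised zone, misconfiguration),
    # and every answer must pass, not only the first one.
    addrs = resolver(host)
    if not addrs:
        raise SSRFBlocked(f"no address for {host!r}")
    for addr in addrs:
        if is_forbidden_ip(addr):
            raise SSRFBlocked(f"{host!r} resolves to forbidden address {addr}")
    # The caller must connect to the pinned IP (no second lookup), must not
    # follow redirects automatically, and must run each redirect target back
    # through this function.
    return host, addrs[0]


def would_fetch(url: str, resolver: Resolver = resolve_all) -> bool:
    """Boolean convenience wrapper around check_outbound_url()."""
    try:
        check_outbound_url(url, resolver)
        return True
    except SSRFBlocked:
        return False


if __name__ == "__main__":
    # Constructed inputs covering the bypasses named in the glossary entry.
    fake_dns = lambda host: ["93.184.216.34"]               # well-behaved answer
    rebinding = lambda host: ["93.184.216.34", "10.0.0.5"]  # second answer is internal
    for url, dns in [
        ("https://hooks.example.com/notify", fake_dns),
        ("http://169.254.169.254/latest/meta-data/iam/security-credentials/", fake_dns),
        ("https://2130706433/", fake_dns),                      # decimal 127.0.0.1
        ("https://[::ffff:169.254.169.254]/", fake_dns),         # IPv4-mapped IPv6
        ("https://hooks.example.com@evil.example/", fake_dns),  # userinfo trick
        ("https://hooks.example.com/notify", rebinding),         # DNS rebinding
    ]:
        print(f"{'ALLOW' if would_fetch(url, dns) else 'BLOCK'}  {url}")
```

The guard only decides whether a fetch may happen; the HTTP client still has to honour the pinned address (connect to the IP it returns rather than re-resolving the name) and to disable automatic redirects, otherwise the post-resolution check can be undone by a second lookup or a 302 to an internal host.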

Related terms

  • RCE
  • IDOR
  • XSS
  • SQLi

© 2026 BBLabs News · By Gorka El Bochi · Made in Spain