SSRF
This article is a stub. You can help the IndieWeb wiki by expanding it.
SSRF or Server-Side Request Forgery is an attack that IndieAuth servers and Webmention receivers need to be aware of, wherein attackers abuse URL parsers to various nefarious ends.
See Also
- https://youtu.be/D1S-G8rJrEk
- https://github.com/fin1te/safecurl
- https://github.com/JordanMilne/Advocate
- https://portswigger.net/web-security/ssrf
- https://owasp.org/www-community/attacks/Server_Side_Request_Forgery
- https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf (pdf)