Ethical Hacking Essentials Practice Test

What kind of attack exploits vulnerabilities in public web servers to send crafted requests to internal servers?

• A. Brute-force attack
• B. Server-side request forgery
• C. Cross-site request forgery
• D. Website defacement

The correct answer is: Server-side request forgery

The chosen answer identifies Server-side request forgery (SSRF) as the correct option because it specifically refers to a type of vulnerability that allows an attacker to send manipulated requests from a web server to internal servers or services that are often protected by firewalls. This is done by crafting a request that the vulnerable public-facing web server processes and forwards internally, potentially exposing sensitive data or performing unauthorized actions on internal services. In the context of this scenario, SSRF attacks take advantage of the trust relationship between the web server and the internal network. By exploiting the web server's ability to communicate with internal systems, an attacker can gain access to resources that would typically be shielded from external entities. Other options, while they involve different forms of attacks, do not fit the description as precisely. A brute-force attack focuses on guessing credentials and does not involve sending requests to internal servers. Cross-site request forgery (CSRF) targets user sessions in a web application, tricking users into unwanted actions but does not involve crafted requests made by the server itself to internal resources. Website defacement involves altering the appearance of a website but does not exploit internal server requests in the way that SSRF does. Thus, SSRF is clearly the correct classification for this type of