Certified Ethical Hacker (CEH v11) — Question 211

Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/feed.php?url=externalsite.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server.
What is the type of attack Jason performed in the above scenario?

Answer options

• A. Web server misconfiguration
• B. Server-side request forgery (SSRF) attack
• C. Web cache poisoning attack
• D. Website defacement

Correct answer: B

Explanation

The correct answer is B, as this describes a Server-side request forgery (SSRF) attack where the attacker tricks the server into making a request to internal resources. The other options do not accurately represent the nature of the attack; A refers to misconfigurations, C involves manipulating cached data, and D pertains to altering the appearance of a website.