Certified Ethical Hacker (CEH v12) — Question 76

Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used the URL https://xyz.com/feed.php?url=externalsite.com/feed/to to obtain a remote feed and altered the URL input to point to the local host in order to view all the local resources on the target server.
What is the type of attack Jason performed in the above scenario?

Answer options

Correct answer: B

Explanation

Jason conducted a server-side request forgery (SSRF) attack: he manipulated the URL to access internal resources, which is characteristic of this type of attack. The other options do not apply here. A web server misconfiguration refers to improper setup, web cache poisoning involves maliciously altering cached data, and website defacement is altering the visual appearance of a site; none of these align with Jason's actions.