Certified Ethical Hacker (CEH v13) — Question 103
Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/feed.php?url=externalsite.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server.
What is the type of attack Jason performed in the above scenario?
Answer options
- A. Web server misconfiguration
- B. Server-side request forgery (SSRF) attack
- C. Web cache poisoning attack
- D. Website defacement
Correct answer: B
Explanation
The correct answer is B. Jason performed a server-side request forgery (SSRF) attack: he changed the url parameter of feed.php from the external feed to the local host, so the web server itself made the request on his behalf and returned its local resources. The other options do not fit the scenario: web server misconfiguration pertains to improper settings, web cache poisoning involves manipulating cached responses, and website defacement refers to altering the appearance of a website.