SSRF vs CSRF: Explained with Practical Context

SSRF Example (Server-Side Request Forgery)

Scenario: A web application allows users to fetch images using a URL.

Vulnerable request:
https://app.com/fetch?url=http://169.254.169.254/latest/meta-data/

What happens:
- The server makes the request
- It reaches cloud metadata services
- Attacker retrieves cloud credentials

Result:
- Access to cloud resources
- Possible full infrastructure compromise

Key point: 👉 The server is tricked into attacking itself.

CSRF Example (Cross-Site Request Forgery)

Scenario: A user is logged into an online banking site.

Malicious page:
<img src="https://bank.com/transfer?to=attacker&amount=50000">

What happens:
- Victim visits attacker’s page
- Browser automatically sends session cookies
- Bank processes the request as legitimate

Result:
- Unauthorized money transfer
- User never clicks “Submit”

Key point: 👉 The user’s browser is tricked into performing actions.
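A destination check for the image-fetch endpoint in the SSRF scenario above, as an added example that is not part of the original post: it rejects the metadata address 169.254.169.254 and any other non-public target before the server makes the request. The function names, the injectable resolver, and the host img.example with address 93.184.216.34 are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: the image fetcher needs only these


def system_resolve(host):
    """Return every address the system resolver gives for host."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]


def is_public(ip_text):
    """True only for globally routable addresses."""
    ip = ipaddress.ip_address(ip_text.split("%")[0])  # drop any IPv6 zone id
    # Unwrap IPv4-mapped IPv6 such as ::ffff:169.254.169.254 before classifying.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global


def check_fetch_url(url, resolve=system_resolve):
    """Return (allowed, reason) for a user-supplied fetch URL."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        addrs = [str(ipaddress.ip_address(host))]  # host is an IP literal
    except ValueError:
        try:
            addrs = resolve(host)  # host is a name: check what it points to
        except OSError:
            return False, "resolution failed"
    # Every resolved address must be public, not just the first one.
    blocked = [a for a in addrs if not is_public(a)]
    if blocked or not addrs:
        return False, f"blocked or empty address set: {blocked}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed input: the metadata URL from the scenario above.
    print(check_fetch_url("http://169.254.169.254/latest/meta-data/"))
```

The fetch itself should connect to the address that was checked and re-run the check on every redirect, since a second DNS lookup or a redirect can otherwise still land on an internal address.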

Jignesh Gosai

2/12/2026 · 1 min read
