Blind SSRF

Blind SSRF is a form of Server-Side Request Forgery (SSRF) in which the vulnerable application makes a request to an attacker-controlled or internal resource, but the response is never displayed back to the attacker. Researchers therefore confirm blind SSRF indirectly, using out-of-band callbacks, DNS interactions, timing behavior, or external request logs. Although harder to prove than a response-disclosing SSRF, blind SSRF can still expose internal systems, cloud metadata services, and network trust boundaries if it is not properly mitigated.

Server Request Triggered → Response Hidden → Callback / DNS Interaction Observed → Internal Risk Confirmed → Egress Controls Applied
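The final step above, egress controls, is illustrated here with an added Python example (written for this page, not code from the original) that gates a server-side fetch on a hostname allowlist and rejects any URL whose resolved addresses fall in private, loopback or link-local space, which includes the 169.254.169.254 cloud metadata endpoint. `ALLOWED_HOSTS`, the partner hostname and the injected `resolver` hook are constructed assumptions for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed allowlist of external hosts the service may fetch from (assumption).
ALLOWED_HOSTS = {"api.partner.example"}


def default_resolver(hostname):
    """Return every IP string the hostname resolves to (A and AAAA records)."""
    return {info[4][0] for info in socket.getaddrinfo(hostname, None)}


def is_blocked_ip(ip_str):
    """True for addresses the fetcher must never reach: loopback, RFC 1918 /
    private, link-local (covers 169.254.169.254), multicast, reserved, unspecified."""
    ip = ipaddress.ip_address(ip_str)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so it is judged as its IPv4 form.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_outbound_url(url, resolver=default_resolver):
    """Return (allowed, reason) for a URL the server is about to request.

    Every resolved address must pass: a name with one public and one internal
    record would otherwise let a blind SSRF reach the internal one, and since
    the response is hidden the attacker only needs the request to be sent."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if host not in ALLOWED_HOSTS:
        return False, "host not on allowlist"
    try:
        addrs = resolver(host)
    except (socket.gaierror, OSError):
        return False, "resolution failed"
    for addr in addrs:
        try:
            if is_blocked_ip(addr):
                return False, f"resolves to blocked address {addr}"
        except ValueError:
            return False, f"unparseable address {addr}"
    return True, "ok"
```

The check belongs immediately before the socket connect; validating a URL string without resolving it still leaves DNS-rebinding and mixed-record hostnames as a path to internal services.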