DNS Rebinding can turn a victim’s browser into a proxy to bypass Same-Origin Policy (SOP), enabling Server-Side Request Forgery (SSRF). By rapidly changing DNS records, an attacker tricks a web app into accessing internal resources or local files. This bypasses SSRF protections that rely on domain allowlists. If the app fetches file URLs (e.g., file:///etc/passwd), an attacker can exfiltrate sensitive system files. Such attacks can expose internal dashboards, cloud metadata, or even take over services.

Beyond file access, DNS rebinding can target internal APIs, stealing credentials, executing admin commands, or even launching further exploits. Attackers can also use WebSockets to maintain persistent access. Common targets include home routers, IoT devices, and cloud environments. To prevent this, use proper network segmentation, block private IP access, enforce strong allowlist validation, and implement robust DNS security controls like rebinding protections on DNS resolvers.