nuclei-templates/http/fuzzing/ssrf-via-proxy.yaml

id: ssrf-via-proxy

info:
  name: SSRF via Proxy Unsafe
  author: geeknik,petergrifin
  severity: unknown
  reference:
    - https://github.com/geeknik/the-nuclei-templates/blob/main/ssrf-by-proxy.yaml
    - https://twitter.com/HusseiN98D/status/1649006265450782720
    - https://twitter.com/ImoJOnDz/status/1649089777629827072
  metadata:
    max-request: 9
  tags: ssrf,proxy,oast,fuzz,fuzzing

http:
  - payloads:
      verb:
        - GET
        - HEAD
        - POST
        - PUT
        - DELETE
        - CONNECT
        - OPTIONS
        - TRACE
        - PATCH
    raw:
      - |+
        {{verb}} http://127.0.0.1:22 HTTP/1.1
        Host: {{Hostname}}

    stop-at-first-match: true
    unsafe: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Protocol mismatch"
          - "OpenSSH"
        condition: and

      - type: status
        status:
          - 200
# digest: 490a0046304402202521accb84ca996dbc113120273493945da01a604d5f92bcb0eabcff1aa5c156022074256e92baf6c60c359442a6ec1389ed2e2ca1db7e202bdea6ecda1e0641cb89:922c64590222798bb761d5b6d8e72950
Update and rename fuzzing/ssrf-via-proxy.yaml to http/fuzzing/ssrf-via-proxy.yaml 2023-05-10 11:28:06 +00:00			`id: ssrf-via-proxy`

			`info:`
			`name: SSRF via Proxy Unsafe`
			`author: geeknik,petergrifin`
			`severity: unknown`
			`reference:`
			`- https://github.com/geeknik/the-nuclei-templates/blob/main/ssrf-by-proxy.yaml`
			`- https://twitter.com/HusseiN98D/status/1649006265450782720`
			`- https://twitter.com/ImoJOnDz/status/1649089777629827072`
Auto Generated CVE annotations [Sat Jun 3 18:56:35 UTC 2023] :robot: 2023-06-03 18:56:35 +00:00			`metadata:`
			`max-request: 9`
TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] :robot: 2024-06-07 10:04:29 +00:00			`tags: ssrf,proxy,oast,fuzz,fuzzing`
Update and rename fuzzing/ssrf-via-proxy.yaml to http/fuzzing/ssrf-via-proxy.yaml 2023-05-10 11:28:06 +00:00
protocol -update 2023-05-11 09:17:44 +00:00			`http:`
Update and rename fuzzing/ssrf-via-proxy.yaml to http/fuzzing/ssrf-via-proxy.yaml 2023-05-10 11:28:06 +00:00			`- payloads:`
			`verb:`
			`- GET`
			`- HEAD`
			`- POST`
			`- PUT`
			`- DELETE`
			`- CONNECT`
			`- OPTIONS`
			`- TRACE`
			`- PATCH`
			`raw:`
			`- \|+`
			`{{verb}} http://127.0.0.1:22 HTTP/1.1`
			`Host: {{Hostname}}`

			`stop-at-first-match: true`
			`unsafe: true`
templateman update 2023-10-14 11:27:55 +00:00
Update and rename fuzzing/ssrf-via-proxy.yaml to http/fuzzing/ssrf-via-proxy.yaml 2023-05-10 11:28:06 +00:00			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- "Protocol mismatch"`
			`- "OpenSSH"`
			`condition: and`

			`- type: status`
			`status:`
			`- 200`
Auto Template Signing [Sat Jun 8 16:02:16 UTC 2024] :robot: 2024-06-08 16:02:17 +00:00			`# digest: 490a0046304402202521accb84ca996dbc113120273493945da01a604d5f92bcb0eabcff1aa5c156022074256e92baf6c60c359442a6ec1389ed2e2ca1db7e202bdea6ecda1e0641cb89:922c64590222798bb761d5b6d8e72950`