nuclei-templates/dast/vulnerabilities/ssrf/blind-ssrf.yaml

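id: blind-ssrf

info:
  name: Blind SSRF OAST Detection
  author: pdteam,AmirHossein Raeisi
  severity: medium
  description: |
    Fuzzes URL-like and host:port-like query parameters of GET requests with
    Interactsh callback hosts and reports a blind SSRF when the target makes
    an HTTP request to the callback. Only the query part of GET requests is
    covered by this template.
  metadata:
    # Informational only. Roughly one request per payload per fuzzed
    # parameter, so this is kept in step with the five entries under
    # payloads.ssrf below (it was 3 before the '@'-separator payloads were
    # added and was not updated then).
    max-request: 5
  tags: ssrf,dast,oast

http:
  # Only GET requests from the input are fuzzed; other methods and request
  # bodies are skipped by this template.
  - pre-condition:
      - type: dsl
        dsl:
          - 'method == "GET"'

    payloads:
      # {{FQDN}} / {{RDN}} are nuclei's target-derived host variables. The
      # subdomain variants target allow-list checks that only look at the
      # start of the host; the '@' (userinfo) variants target checks that
      # validate the text before '@' while the actual request goes to the
      # Interactsh host after it.
      ssrf:
        - "{{interactsh-url}}"
        - "{{FQDN}}.{{interactsh-url}}"
        - "{{RDN}}.{{interactsh-url}}"
        - "{{FQDN}}@{{interactsh-url}}"
        - "{{RDN}}@{{interactsh-url}}"

    fuzzing:
      # Parameters whose value contains an http(s) URL: the whole value is
      # replaced with an https URL pointing at the callback host.
      - part: query
        mode: single
        values:
          - "https?://"
        fuzz:
          - "https://{{ssrf}}"
      # Parameters whose whole value is <host>:<port>: replaced with
      # <callback-host>:80 so the callback is reached over plain HTTP.
      # '-' is placed last in the class so it reads as a literal, not a
      # range. Bracketed IPv6 literals ("[::1]:80") are not matched.
      - part: query
        mode: single
        values:
          - "^[A-Za-z0-9._-]+:[0-9]+$"
        fuzz:
          - "{{ssrf}}:80"

    stop-at-first-match: true
    matchers:
      # Requires an HTTP interaction on the callback host. A DNS-only lookup
      # (interactsh_protocol "dns") does not match, so a target that resolves
      # the name but cannot reach it over HTTP (egress filtered) is not
      # reported; this trades some coverage for fewer resolver-only false
      # positives.
      - type: word
        part: interactsh_protocol
        words:
          - "http"
# The digest below signs the template body above it. Any edit above this
# line, comments included, invalidates it: regenerate it (e.g. `nuclei -sign`
# with the signing key) or remove the line rather than leaving a stale digest.
# digest: 4a0a0047304502207dd98fdf4b66bd8e09960f133e03a0e539cbd3a4749f1de33bc45ca104a07d90022100e35cf6744d140265a35163217357e7983b162f6cbbe6f96ffb73df5eb24bc570:922c64590222798bb761d5b6d8e72950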