Backup_Repos/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings synced 2026-01-18 14:13:16 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #809 from HackingRepo/patch-2

Browse source 
Update README with URL parsing examples
This commit is contained in:
Swissky 2026-01-03 16:57:44 +01:00 committed by GitHub
commit 45661ef925
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Server Side Request Forgery/README.md
View file

@ -266,6 +266,7 @@ http://127.1.1.1:80\@127.2.2.2:80/
http://127.1.1.1:80\@@127.2.2.2:80/
http://127.1.1.1:80:\@@127.2.2.2:80/
http://127.1.1.1:80#\@127.2.2.2:80/
http:127.0.0.1/
```
![https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/Images/WeakParser.png?raw=true](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/Images/WeakParser.jpg?raw=true)
@ -275,6 +276,7 @@ Parsing behavior by different libraries: `http://1.1.1.1 &@2.2.2.2# @3.3.3.3/`
* `urllib2` treats `1.1.1.1` as the destination
* `requests` and browsers redirect to `2.2.2.2`
* `urllib` resolves to `3.3.3.3`
* Some parsers replace http:127.0.0.1/ to http://127.0.0.1/
### Bypass PHP filter_var() Function