Author: @Ambulong
SSRF And URL Related TIPS
SSRF Related Tips
Vulnerabilities
- Weblogic SSRF
- DokuWiki
- Atlassian Confluence (CVE-2016-6595)
- Discuz SSRF
- Discuz + Memcache
- Discuz + Redis
- vBulletin SSRF
- vBulletin + Memcache
- vBulletin + Redis
- Password Crack
- FTP/FTPS
- IMAP/IMAPS/POP3/SMTP
- TELNET
- SSH
Exploits
- Redis
- Memcache
- MongoDB
- PHP-CGI/FastCGI
- Struts 2
- CouchDB Web API
- Atlassian Confluence
- Axis2
- Glassfish
- JBOSS
- Docker Remote API
- Java RMI
- Elasticsearch Groovy
- WebDav PUT
- WebSphere
- Apache Hadoop
- HFS
- zentaoPMS
Tools
Posts & Reference
- Expanding the Attack Surface with the Gopher Protocol - Chaitin Tech (长亭科技)
- A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! - Orange
- How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! - Orange
- Port scanning with Server Side Request Forgery (SSRF) - IAN MUSCAT
- Build Your SSRF Exploit Framework - ring04h