Author: @Ambulong

SSRF And URL Related TIPS

---

SSRF Related Tips

Vulnerabilities

• Weblogic SSRF
• DokuWiki
  • DokuWiki fetch.php SSRF漏洞与tok安全验证绕过分析
• Atlassian Confluence (CVE-2016-6595)
  • Confluence任意文件读取漏洞以及CVE-2016-6596 SSRF漏洞分析
• Discuz SSRF
  • Discuz + Memcache
  • Discuz + Redis
• vBulletin SSRF
  • vBulletin + Memcache
  • vBulletin + Redis
• Password Crack
  • FTP/FTPS
  • IMAP/IMAPS/POP3/SMTP
  • TELNET
  • SSH

Exploits

• Redis
• Memcache
• Mongodb
• PHP-CGI/FastCGI
• Struts 2
• Counchdb WEB API
• Atlassian Confluence
  • Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities
  • Confluence任意文件读取漏洞以及CVE-2016-6596 SSRF漏洞分析
• Axis2
• Glassfish
• JBOSS
• Docker Remote API
• Java RMI
• Elasticsearch Groovy
• WebDav PUT
• WebSphere
• Apache Hadoop
• HFS
• zentoPMS

Tools

• bcoles/ssrf_proxy

Posts & Reference

• 利用 Gopher 协议拓展攻击面 - 长亭科技
• A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! - Orange
• How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! - Orange
• Port scanning with Server Side Request Forgery (SSRF) - IAN MUSCAT
• Build Your SSRF Exploit Framework - ring04h