pikachu-ssrf source code analysis and repair

ssrf Overview


ssrf source code analysis

ssrf(curl)

Setting the url parameter to https://www.baidu.com/ and fetching the page shows that the server has visited www.baidu.com on our behalf.

Code Analysis
curl simulates browser requests, for example to fetch remote web pages or files. file_get_contents can do this as well, but curl additionally supports cookies, a custom browser type (User-Agent), a chosen source IP, and so on.

ssrf(file_get_contents)

Set the url parameter to www.baidu.com.

Here the file_get_contents function also exposes a file-inclusion style weakness: source files can be read through a PHP pseudo-protocol (stream wrapper). Assigning url the value php://filter/read=convert.base64-encode/resource=http://127.0.0.1/pikachu/vul/ssrf/ssrf_info/info2.php returns the source of info2.php, base64-encoded.

Code Analysis
file_get_contents can also fetch remote web content; search Google for details.

ssrf repair

1. Use a whitelist of allowed targets.
2. Verify the content of the response.
3. When Internet resources are required (for example, fetching images for a forum post) and a whitelist cannot be used: first disable CURLOPT_FOLLOWLOCATION; then resolve the target domain name to an IP address and filter out internal IPs; finally verify that the returned content matches what was expected.

If CURLOPT_FOLLOWLOCATION is set to true during a curl fetch, curl follows redirects and fetches the redirected page; otherwise it does not follow redirects.
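The repair steps above, together with the scheme restriction that closes the php://filter trick from the file_get_contents lab, as one hardened fetch routine. This is an added example, not pikachu's own code; the allowlist contents are constructed, and pinning the connection to the resolved IP with CURLOPT_RESOLVE goes slightly beyond the post (it prevents a DNS answer that changes between the check and the fetch from pointing at an internal address).

```php
<?php
// Added example, not pikachu's own code: a hardened replacement for the lab's
// unchecked curl / file_get_contents fetch of a user-supplied url parameter.
// It applies the repair steps from the post: an allowlist, resolving the host
// to an IP and rejecting internal ranges, CURLOPT_FOLLOWLOCATION disabled, and a
// check that the response is the kind of content expected (an image here).

// Constructed allowlist; an empty list means "any public host", which is the
// case the post describes for fetching arbitrary Internet resources.
const ALLOWED_HOSTS = ['www.baidu.com'];

// True for loopback, link-local, RFC 1918 and other reserved/private addresses,
// and for anything that is not a valid IP at all.
function is_internal_ip(string $ip): bool
{
    return filter_var(
        $ip,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    ) === false;
}

// Returns the vetted IP to connect to, or null when the URL must be rejected.
function validate_target(string $url): ?string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Only http/https: this closes the php://filter trick from the
    // file_get_contents lab as well as file://, gopher://, dict:// and friends.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    $host = strtolower($parts['host']);
    if (ALLOWED_HOSTS !== [] && !in_array($host, ALLOWED_HOSTS, true)) {
        return null;
    }
    // Resolve once; the fetch is then pinned to this IP so a DNS answer that
    // changes between check and use cannot swap in an internal address.
    $ip = gethostbyname($host);           // returns $host unchanged on failure
    if ($ip === $host || is_internal_ip($ip)) {
        return null;
    }
    return $ip;
}

// Fetches an image from $url, or returns null on any policy or content failure.
function safe_fetch_image(string $url): ?string
{
    $ip = validate_target($url);
    if ($ip === null) {
        return null;
    }
    $parts = parse_url($url);
    $port  = $parts['port'] ?? (strtolower($parts['scheme']) === 'https' ? 443 : 80);

    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,                       // never follow redirects
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_RESOLVE        => ["{$parts['host']}:{$port}:{$ip}"], // use the vetted IP
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);

    if ($body === false || $status !== 200) {
        return null;
    }
    // Identify the returned content by parsing it, not by trusting Content-Type.
    if (@getimagesizefromstring($body) === false) {
        return null;
    }
    return $body;
}

// Both lab payloads are rejected before any request is made.
$filterPayload = 'php://filter/read=convert.base64-encode/resource='
    . 'http://127.0.0.1/pikachu/vul/ssrf/ssrf_info/info2.php';
var_dump(validate_target($filterPayload));   // rejected: scheme is not http(s)
var_dump(validate_target('http://127.0.0.1/pikachu/vul/ssrf/ssrf_info/info2.php')); // rejected: host not in allowlist
```

With an empty ALLOWED_HOSTS the routine falls back to the post's third option: any public host is accepted, but the resolved address is still checked against private and reserved ranges, redirects are never followed, and the body is only returned when it actually parses as an image.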


Origin blog.csdn.net/weixin_41652128/article/details/100620419