SSRF
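SSRF (Server-Side Request Forgery)
Vulnerable code and related functions
<?php
// Fetches whatever URL it is given and echoes the response body.
function curl($url) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_exec($ch);
    curl_close($ch);
}

// The url parameter comes straight from the request, with no validation.
$url = $_GET["url"];
curl($url);
?>
Functions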
file_get_contents()
fsockopen()
curl_exec()
Trigger payload: ssrf.php?url=file:///c:/windows/win.ini
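A hardened counterpart to the curl() wrapper above, as an added example that is not part of the original page. The names ssrf_target_allowed() and safe_fetch() are hypothetical, and the sketch assumes only public IPv4 HTTP(S) targets should be reachable:

```php
<?php
// Added example, not from the original page. Function names are hypothetical.
// Returns host/port/ip to connect to, or null when the URL must be refused.
function ssrf_target_allowed(string $url): ?array {
    $parts = parse_url($url);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null; // refuses file:// and every other non-HTTP scheme
    }
    $host = $parts['host'];
    $port = $parts['port'] ?? ($scheme === 'https' ? 443 : 80);
    // Accept an IP literal as is, otherwise resolve the name (IPv4 only here).
    $ips = filter_var($host, FILTER_VALIDATE_IP) ? [$host] : gethostbynamel($host);
    if (!$ips) {
        return null;
    }
    $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    foreach ($ips as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return null; // loopback, link-local, private or IPv6 address
        }
    }
    return ['host' => $host, 'port' => $port, 'ip' => $ips[0]];
}
function safe_fetch(string $url): ?string {
    $t = ssrf_target_allowed($url);
    if ($t === null) {
        return null;
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION => false, // a redirect could point back inside
        // Pin the address that was checked so a second DNS lookup cannot differ.
        CURLOPT_RESOLVE        => ["{$t['host']}:{$t['port']}:{$t['ip']}"],
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body === false ? null : $body;
}

// Constructed inputs: each is refused before any request is made.
foreach (['file:///c:/windows/win.ini', 'http://127.0.0.1/', 'http://10.0.0.1/'] as $u) {
    echo $u, ' => ', safe_fetch($u) === null ? 'refused' : 'fetched', PHP_EOL;
}
```

The same scheme and address checks apply to file_get_contents() and fsockopen(), which accept attacker-supplied targets in the same way.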