SSRF

SSRF (Server-Side Request Forgery)

Vulnerable code and related functions

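<?php
    // Deliberately vulnerable: fetches whatever URL the client supplies.
    function curl($url){
        $ch = curl_init();
        // No scheme or destination check, so file:// and internal hosts are reachable.
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        // Without CURLOPT_RETURNTRANSFER, the response is written straight to the page.
        curl_exec($ch);
        curl_close($ch);
    }
    // User-controlled input goes to curl() unvalidated.
    $url = $_GET["url"];
    curl($url);
?>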

Functions

file_get_contents()
fsockopen()
curl_exec()

 

Trigger payload: ssrf.php?url=file:///c:/windows/win.ini
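
For comparison, a hardened variant of the curl() helper above, as an added example that is not code from the original post. It assumes the endpoint only needs public http/https targets; resolve_public_target() and safe_fetch() are hypothetical names, and the sample URLs are constructed.

```php
<?php
// Added example, not the original post's code.
// Assumption: only public http/https targets are legitimate for this endpoint.

function resolve_public_target(string $url): array {
    $parts  = parse_url($url) ?: [];
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = $parts['host'] ?? '';
    if (!in_array($scheme, ['http', 'https'], true) || $host === '') {
        throw new InvalidArgumentException('scheme/host not allowed');
    }
    $port = $parts['port'] ?? ($scheme === 'https' ? 443 : 80);
    // Resolve once. gethostbyname() is IPv4-only and returns its input on
    // failure, which then fails the IP check below (fail closed).
    $ip = filter_var($host, FILTER_VALIDATE_IP) ? $host : gethostbyname($host);
    $public = filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
    if ($public === false) {
        throw new InvalidArgumentException('destination address not allowed');
    }
    return [$host, $port, $ip];
}

function safe_fetch(string $url): string {
    [$host, $port, $ip] = resolve_public_target($url);
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        // Blocks file:// and every other non-HTTP scheme at the libcurl level.
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION  => false, // a redirect could point back inside
        CURLOPT_RESOLVE         => ["$host:$port:$ip"], // connect only to the validated IP
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_CONNECTTIMEOUT  => 3,
        CURLOPT_TIMEOUT         => 10,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('fetch failed');
    }
    return $body;
}

// Constructed inputs; each is rejected before any network request is made.
foreach (['file:///c:/windows/win.ini', 'http://127.0.0.1/', 'http://10.0.0.5/'] as $u) {
    try { safe_fetch($u); echo "fetched  $u\n"; }
    catch (InvalidArgumentException $e) { echo "rejected $u: {$e->getMessage()}\n"; }
}
```

Pinning the validated address with CURLOPT_RESOLVE keeps the connection on the IP that was checked, so a second DNS lookup cannot return a different address.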

posted @ 2020-07-17 13:43  f1veseven