Writeup: SSRF with whitelist-based input filter - Aleyna Doğan

Lab link.

Another SSRF defense is whitelist-based input filtering: the application only allows input that matches a whitelist. The filter may look for a match anywhere inside the input, so we bypass it by exploiting inconsistencies in URL parsing.

We look for an SSRF vulnerability in the application's check stock feature. We try some SSRF payloads and get no results.

To bypass the whitelist, we first embed a username in front of the hostname using the @ character, and then mark a URL fragment using the # character.

We can access the admin panel and delete the carlos user with the necessary URL edits.
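
The parsing mismatch described above, seen from the defender's side, as an added example that is not part of the original writeup or the lab. It contrasts a substring-style whitelist check with one that parses the URL once, compares the parsed host exactly, and rebuilds the URL for the fetcher. The hostnames, the function names and the extra rejections (backslash, percent-encoded host) are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed allow list for illustration; not the lab's real hostname.
ALLOWED_HOSTS = {"stock.allowed.example"}

def naive_filter(url):
    """Weak check: accepts the input if an allowed host appears anywhere in it."""
    return any(host in url for host in ALLOWED_HOSTS)

def validated_target(url):
    """Return a rebuilt URL safe to hand to the HTTP client, or None to reject."""
    if "\\" in url:                      # some parsers treat "\" as "/"
        return None
    try:
        parts = urlsplit(url)
        port = parts.port                # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https"):
        return None
    if "@" in parts.netloc or "%" in parts.netloc:
        return None                      # no userinfo, no encoded host characters
    if parts.fragment:
        return None                      # a server-side fetch never needs a fragment
    host = (parts.hostname or "").rstrip(".")
    if host not in ALLOWED_HOSTS:        # exact match on the parsed host only
        return None
    netloc = host if port is None else f"{host}:{port}"
    # Rebuild from parsed parts so the filter and the fetcher see the same host.
    return urlunsplit((parts.scheme, netloc, parts.path or "/", parts.query, ""))

# Constructed inputs: (url, naive filter result, strict check accepts?)
SAMPLES = [
    ("http://stock.allowed.example:8080/product/stock/check?productId=1", True, True),
    ("http://user@stock.allowed.example/", True, False),
    ("http://internal.example#@stock.allowed.example/", True, False),
    ("http://stock.allowed.example.internal.example/", True, False),
    ("http://internal.example/admin", False, False),
]

def run_samples():
    return [(u, naive_filter(u), validated_target(u) is not None) for u, _, _ in SAMPLES]

if __name__ == "__main__":
    for url, naive, strict in run_samples():
        print(f"naive={naive!s:5} strict={strict!s:5} {url}")
```

The strict check only helps if the HTTP client is given the value `validated_target` returns rather than the original string; otherwise the fetcher may parse the input differently from the filter.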
