Server Side request Forgery


Server-side request forgery !


Common injection parameters

"access=",

"admin=",

"dbg=",

"debug=",

"edit=",

"grant=",

"test=",

"alter=",

"clone=",

"create=",

"delete=",

"disable=",

"enable=",

"exec=",

"execute=",

"load=",

"make=",

"modify=",

"rename=",

"reset=",

"shell=",

"toggle=",

"adm=",

"root=",

"cfg=",

"dest=",

"redirect=",

"uri=",

"path=",

"continue=",

"url=",

"window=",

"next=",

"data=",

"reference=",

"site=",

"html=",

"val=",

"validate=",

"domain=",

"callback=",

"return=",

"page=",

"feed=",

"host=",

"port=",

"to=",

"out=",

"view=",

"dir=",

"show=",

"navigation=",

"open=",

"file=",

"document=",

"folder=",

"pg=",

"php_path=",

"style=",

"doc=",

"img=",

"filename="


Try basic localhost payloads


Bypassing filters

Bypass using HTTPS

Bypass with [::]

Bypass with a domain redirection

Bypass using a decimal IP location

Bypass using IPv6/IPv4 Address Embedding

Bypass using malformed urls

Comments

Post a Comment

Popular posts from this blog

Two Factor Authentication ! [2FA]

Image
 Two Factor Authentication ! What is 2FA 🤔 ? Let's get started , 2FA stands for 2-factor authentication. It is used as an additional layer of security for user accounts. This simply means there will be two factors for you to authenticate into your account. One is simply your credentials, and if due to some case they are compromised the additional layer(second authentication) can protect your account from getting takeover. This can be of many forms like ;    1:) Sending verification code to email. 2:) Sending OTP to email or mobile number. 3:) Third-party app-generated codes. 4:) Verification through QR codes. 5:)     SMS verification. This provides an extra layer of security for user accounts. Even if your credentials got exposed, your account can still be safe if you have your 2FA turned on. But what if this 2FA is also vulnerable. Then your account is not safe even if you have your 2FA turned on. So this vulnerability is a serious one and can be used to take over other accounts
Read more