"SSRF - Server Side Request Forgery attacks. The ability to create requests from the vulnerable server to intra/internet. Using a protocol supported by available URI schemas, you can communicate with services running on other protocols. Here we collect the various options and examples (exploits) of such interaction"
URL schema support
| PHP | Java | cURL | LWP | ASP.NET |
gopher | enable by --with-curlwrappers | before last patches | w/o \0 char | + | ASP.NET <=3 and Windows XP and Windows Server 2003 R2 and earlier only |
tftp | enable by --with-curlwrappers | - | w/o \0 char | - | - |
http | + | + | + | + | + |
https | + | + | + | + | + |
ldap | - | - | + | + | - |
ftp | + | + | + | + | + |
dict | enable by --with-curlwrappers | - | + | - | - |
ssh2 | disabled by default | - | - | Net:SSH2 required | - |
file | + | + | + | + | + |
ogg | disabled by default | - | - | - | - |
expect | disabled by default | - | - | - | - |
imap | enable by --with-curlwrappers | - | + | + | - |
pop3 | enable by --with-curlwrappers | - | + | + | - |
mailto | - | - | - | + | - |
smtp | enable by --with-curlwrappers | - | + | - | - |
telnet | enable by --with-curlwrappers | - | + | - | - |