SSRF Bible / Cheatsheet

"SSRF - Server Side Request Forgery attacks. The ability to create requests from the vulnerable server to intra/internet. Using a protocol supported by available URI schemas, you can communicate with services running on other protocols. Here we collect the various options and examples (exploits) of such interaction"

URL schema support

| Scheme | PHP | Java | cURL | LWP | ASP.NET |
|---|---|---|---|---|---|
| gopher | enabled by --with-curlwrappers | before last patches | w/o \0 char | + | ASP.NET <=3 and Windows XP and Windows Server 2003 R2 and earlier only |
| tftp | enabled by --with-curlwrappers | - | w/o \0 char | - | - |
| http | + | + | + | + | + |
| https | + | + | + | + | + |
| ldap | - | - | + | + | - |
| ftp | + | + | + | + | + |
| dict | enabled by --with-curlwrappers | - | + | - | - |
| ssh2 | disabled by default | - | - | Net::SSH2 required | - |
| file | + | + | + | + | + |
| ogg | disabled by default | - | - | - | - |
| expect | disabled by default | - | - | - | - |
| imap | enabled by --with-curlwrappers | - | + | + | - |
| pop3 | enabled by --with-curlwrappers | - | + | + | - |
| mailto | - | - | - | + | - |
| smtp | enabled by --with-curlwrappers | - | + | - | - |
| telnet | enabled by --with-curlwrappers | - | + | - | - |