Web - Server

Friday 9 August 2024, 23:53  #1
Web - Server SSRF
Xela
  • 1 posts

Hey guys ,
I ’m new here , i’m trying to capture the flag in the SSRF server , the problem occurs when i i have to give me a ReverseShell the page don’t response , i thing a do all the process ok , i identify the server running locally REDIS ,after with the tool gopherus i make the payload , and i be listening in the port specified , i don’t know how dosen’t work when i put the payload into the URL, sombodycan help me ?

Monday 16 September 2024, 06:27  #2
Web - Server SSRF
deborah
  • 1 posts

@super mario 64, Ensure that the SSRF vulnerability is actually present in the target server. Try making simple requests to external resources (e.g., http://example.com) to verify if the server allows external connections.
Some SSRF vulnerabilities have limitations, such as restricting allowed protocols or domains. Make sure your payload complies with these restrictions.