BugBountyNotes Forum » Bug Help

Need Help in a SSRF
Posted in Bug Help by @sonahri501

sonahri501 (Researcher)

The server will try to fetch the URL that is provided after the "/", for example http://targetdomain.com/http://whetever.com . The site is trying to fetch an image, but whatever format I provide, it returns "unsupported image type". I used Burp Collaborator for external interaction, and the server does make an HTTP request, but it returns the same error.

For internal SSRF, "localhost" and "127.0.0.1" are forbidden. I tried a few variations and bypassed the check with 127.000.000.001; this time the error is "getsocket connection failed". The response time is not consistent enough to determine open and closed ports: the same port will take 0.5 seconds, and if we repeat it, it will take 1 or even 2.0 seconds.

Any kind of help will be appreciated.


Posted on 2018-12-25