higress/plugins/wasm-go/extensions/waf/wasmplugin/rules/crs/ssrf.data
2023-06-28 19:25:36 +08:00


# Sources:
# - https://gist.githubusercontent.com/jhaddix/78cece26c91c6263653f31ba453e273b/raw/a4869d58a5ce337d1465c2d1b29777b9eecd371f/cloud_metadata.txt
# - https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf
# - https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery
# - https://github.com/assetnote/blind-ssrf-chains
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
#
# To fully protect, use IMDSv2 (see https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/)
http://instance-data/latest/
http://169.254.169.254/latest/
# Common evasion techniques:
http://2852039166/latest/
http://025177524776/latest/
http://0251.0376.0251.0376/latest/
http://[::ffff:a9fe:a9fe]/latest/
http://[0:0:0:0:0:ffff:a9fe:a9fe]/latest/
http://[0:0:0:0:0:ffff:169.254.169.254]/latest/
http://169.254.169.254.nip.io/latest/
http://nicob.net/redir-http-169.254.169.254:80-
# http://127.0.0.1
http://2130706433/
# http://192.168.0.1
http://3232235521/
# http://192.168.1.1
http://3232235777/
# http://169.254.169.254
http://2852039166/
# IPv6 base
http://[::]:
# AWS ECS
http://169.254.170.2/v2
## Google Cloud
# https://cloud.google.com/compute/docs/metadata
# - Requires the header "Metadata-Flavor: Google" or "X-Google-Metadata-Request: True"
http://169.254.169.254/computeMetadata/v1/
http://metadata.google.internal/computeMetadata/v1/
http://metadata/computeMetadata/v1/
# Common evasion techniques:
http://2852039166/computeMetadata/v1/
http://[::ffff:a9fe:a9fe]/computeMetadata/v1/
http://[0:0:0:0:0:ffff:a9fe:a9fe]/computeMetadata/v1/
http://[0:0:0:0:0:ffff:169.254.169.254]/computeMetadata/v1/
http://169.254.169.254.nip.io/computeMetadata/v1/
# Google allows recursive pulls
http://metadata.google.internal/computeMetadata/v1/instance/disks/?recursive=true
## Google
# Beta does NOT require a header at the moment
http://metadata.google.internal/computeMetadata/v1beta1/
## Digital Ocean
# https://developers.digitalocean.com/documentation/metadata/
http://169.254.169.254/metadata/v1.json
# This other prefix is used by Azure: http://169.254.169.254/metadata/v1/
## Packetcloud
https://metadata.packet.net/userdata
## Azure
#
# To be effective, these also have to:
#
# - contain the header Metadata: true
# - not contain an X-Forwarded-For header
http://169.254.169.254/metadata/v1/
http://169.254.169.254/metadata/instance?api-version=2017-04-02
http://169.254.169.254/metadata/instance/network/interface/0/ipv4/ipAddress/0/publicIpAddress?api-version=2017-04-02&format=text
# Common evasion techniques:
http://2852039166/metadata/v1/
http://[::ffff:a9fe:a9fe]/metadata/v1/
http://[0:0:0:0:0:ffff:a9fe:a9fe]/metadata/v1/
http://[0:0:0:0:0:ffff:169.254.169.254]/metadata/v1/
http://169.254.169.254.nip.io/metadata/v1/
## OpenStack/RackSpace
http://169.254.169.254/openstack
## HP Helion
# (header required? unknown)
http://169.254.169.254/2009-04-04/meta-data/
## Oracle Cloud
http://192.0.0.192/latest/
## Alibaba
http://100.100.100.200/latest/meta-data/
# Rancher metadata
http://rancher-metadata/
# Local Docker
http://127.0.0.1:2375
http://2130706433:2375/
http://[::]:2375/
http://[0000::1]:2375/
http://[0:0:0:0:0:ffff:127.0.0.1]:2375/
http://2130706433:2375/
http://017700000001:2375/
http://0x7f000001:2375/
http://0xc0a80014:2375/
# Kubernetes etcd
http://127.0.0.1:2379
# Enclosed alphanumerics
http://169。254。169。254
http://169。254。169。254
http://⑯⑨。②⑤④。⑯⑨。②⑤④
http://⓪ⓧⓐ⑨。⓪ⓧⓕⓔ。⓪ⓧⓐ⑨。⓪ⓧⓕⓔ
http://⓪ⓧⓐ⑨ⓕⓔⓐ⑨ⓕⓔ
http://②⑧⑤②⓪③⑨①⑥⑥
http://④②⑤。⑤①⓪。④②⑤。⑤①⓪
http://⓪②⑤①。⓪③⑦⑥。⓪②⑤①。⓪③⑦⑥
http://⓪⓪②⑤①。⓪⓪⓪③⑦⑥。⓪⓪⓪⓪②⑤①。⓪⓪⓪⓪⓪③⑦⑥
http://[::①⑥⑨。②⑤④。⑯⑨。②⑤④]
http://[::ⓕⓕⓕⓕ:①⑥⑨。②⑤④。⑯⑨。②⑤④]
http://⓪ⓧⓐ⑨。⓪③⑦⑥。④③⑤①⑧
http://⓪ⓧⓐ⑨。⑯⑥⑧⑨⑥⑥②
http://⓪⓪②⑤①。⑯⑥⑧⑨⑥⑥②
http://⓪⓪②⑤①。⓪ⓧⓕⓔ。④③⑤①⑧
# Java-only blind SSRF
jar:http://127.0.0.1!/
jar:https://127.0.0.1!/
jar:ftp://127.0.0.1!/
# Other PL1 protocols
gopher://127.0.0.1
gopher://localhost
# AWS Lambda
http://localhost:9001/2018-06-01/runtime/