search

SSRF

hashtag
openStream

SsrfController.java
package com.example.controller;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;

@RestController

public class SsrfController {
    @GetMapping("/ssrf/openStream")
    public String example(@RequestParam String url) throws Exception {
        URL urlObj = new URL(url);
        InputStream is = urlObj.openStream();
        BufferedReader reader = new BufferedReader(new InputStreamReader(is));
        StringBuilder response = new StringBuilder();
        String line;
        while ((line = reader.readLine()) != null) {
            response.append(line);
        }
        reader.close();
        return response.toString();
    }
}

输入没有开放的端口会报错,http://127.0.0.1:8080/ssrf/openStream?url=http://127.0.0.1:9999

image-20230313150836809

可以跳转和查看端口

image-20230313151005294
image-20230313150949239

我们可以使用Spring的RestTemplate类来进行HTTP请求,而不是直接使用openStream()方法。RestTemplate类可以帮助我们更方便地进行HTTP请求,并提供了更多的安全性选项。

hashtag
openConnection

hashtag
修复代码

上一页SQL注入下一页SSTI

最后更新于