PHProxy Server-Side Request Forgery (SSRF) vulnerability - Shule's Blog

PHProxy Server-Side Request Forgery (SSRF) vulnerability

2025-6-13 13:58

|

232

|

|

0

|

2025-7-20 11:19

64 字

|

1 分钟内

PoC：

We can see that PHProxy has filtered some intranet addresses.

Code_LxnpIuBi5k

Code_fcdKBQwy8J

However, it can still be bypassed by resolving the domain name to an intranet address.

Code_WHstEZrFqL

A simple proof is shown below.

vul.aegisrisk.xyz is bound to 127.0.0.1

WindowsTerminal_xpkC5MNIeL

If the proxy accesses http://vul.aegisrisk.xyz:8080/info, it will access port 8080 of the intranet address.

chrome_iMphkOjWlC

Received the request:

WindowsTerminal_YaLXhbeqN9

版权声明：除特殊说明，博客文章均为 Shule 原创，依据 CC BY-SA 4.0 许可证进行授权，转载请附上出处链接及本声明。

暂无评论

发送评论编辑评论

Markdown

悄悄话

邮件提醒

|´・ω・)ノ

ヾ(≧∇≦*)ゝ

(☆ω☆)

（╯‵□′）╯︵┴─┴

￣﹃￣

(/ω＼)

∠( ᐛ 」∠)＿

(๑•̀ㅁ•́ฅ)

→_→

୧(๑•̀⌄•́๑)૭

٩(ˊᗜˋ*)و

(ノ°ο°)ノ

(´இ皿இ｀)

⌇●﹏●⌇

(ฅ´ω`ฅ)

(╯°A°)╯︵○○○

φ(￣∇￣o)

ヾ(´･･｀｡)ノ"

( ง ᵒ̌皿ᵒ̌)ง⁼³₌₃

(ó﹏ò｡)

Σ(っ °Д °;)っ

( ,,´･ω･)ﾉ"(´っω･｀｡)

╮(╯▽╰)╭

o(*////▽////*)q

＞﹏＜

( ๑´•ω•) "(ㆆᴗㆆ)

颜文字

Emoji

小恐龙

花!