Server Side Request Forgery
Perform actions on the servers behalf
Last updated
Was this helpful?
Perform actions on the servers behalf
Last updated
Was this helpful?
Since it is possible to pass parameters in a redirect via location header you can use a link for a redirect to localhost
if you're lucky enough to have a function that accepts query parameters, follows redirects & does not block connections to the internet
If the target does not block connections to the internet you can use for this purpose, otherwise it is also possible to set up your own http server and implement a redirect via location header
Payload