SSRF代码分析
PHP 中可能导致 SSRF 的常见函数：file_get_contents()、fsockopen()、curl_exec()
- file_get_contents()函数SSRF例子
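<?php
// SSRF example 1: file_get_contents() called on a client-supplied URL.
// This is a deliberately vulnerable sample kept for analysis; do not deploy it.

// Initialise so the final echo is defined when no URL was posted.
$img = '';

if (isset($_POST['url'])) {
    // SSRF sink: the server fetches whatever location the client names.
    // Nothing restricts the scheme or the host, so the request is made with
    // the server's own network position and the PHP stream wrappers it has
    // enabled. Mitigation: parse the URL, accept only http/https to an
    // allow-listed host, and reject loopback/private/link-local addresses
    // after DNS resolution.
    $content = file_get_contents($_POST['url']);

    // The fetched bytes are written to ./images/ and linked from the page
    // below, so the response is readable by the client (non-blind SSRF).
    $filename = './images/' . rand() . 'img.jpg';
    file_put_contents($filename, $content);

    // NOTE(review): echoing a raw request parameter is also a reflected-XSS
    // sink; production code would pass it through htmlspecialchars().
    echo $_POST['url'];
    $img = "<img src=\"" . $filename . "\"/>";
}

echo $img;
?>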
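<?php
/**
 * SSRF example 2: fetch a resource over a raw TCP socket with fsockopen().
 *
 * Deliberately vulnerable sample kept for analysis. The function connects to
 * whatever host and port it is given, so a caller that passes request data
 * straight in lets the client choose the server's outbound connection.
 * Mitigation belongs in the caller or here: allow-list the host and port,
 * reject loopback/private/link-local addresses after resolution, and refuse
 * CR/LF in $host and $link so the request line and headers cannot be altered.
 *
 * @param string     $host Host name or address to connect to.
 * @param int|string $port TCP port; converted with intval().
 * @param string     $link Request target placed on the GET line.
 *
 * @return string|null Raw response (headers and body), or null when the
 *                     connection fails (the error is echoed).
 */
function Getfile($host, $port, $link)
{
    // SSRF sink: destination is entirely parameter-controlled. 30 s timeout.
    $fp = fsockopen($host, intval($port), $errno, $errstr, 30);
    if (!$fp) {
        echo "$errstr (error number $errno)\n";
        return null;
    }

    // $link and $host are interpolated unchecked into the request text.
    // The header block is terminated exactly once by the blank line.
    $out = "GET $link HTTP/1.1\r\n";
    $out .= "Host:$host\r\n";
    $out .= "Connection: Close\r\n\r\n";
    fwrite($fp, $out);

    // Read until the peer closes the connection.
    $contents = '';
    while (!feof($fp)) {
        $contents .= fgets($fp, 1024);
    }
    fclose($fp);

    return $contents;
}
?>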
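<?php
// SSRF example 3: curl_exec() on a client-supplied URL.
// This is a deliberately vulnerable sample kept for analysis; do not deploy it.

if (isset($_POST['url'])) {
    $link = $_POST['url'];

    $curlobj = curl_init();
    curl_setopt($curlobj, CURLOPT_POST, 0);
    // SSRF sink: the URL is taken from the request without any validation.
    // libcurl handles more schemes than http(s), so a hardened version would
    // allow-list the host, reject loopback/private/link-local addresses after
    // resolution, restrict schemes with CURLOPT_PROTOCOLS and
    // CURLOPT_REDIR_PROTOCOLS, and keep CURLOPT_FOLLOWLOCATION disabled.
    curl_setopt($curlobj, CURLOPT_URL, $link);
    // Return the response as a string instead of printing it directly.
    curl_setopt($curlobj, CURLOPT_RETURNTRANSFER, 1);
    $result = curl_exec($curlobj);
    curl_close($curlobj);

    // The response is saved to ./images/ under a non-secret rand() name.
    $filename = './images/' . rand() . '.txt';
    file_put_contents($filename, $result);

    // Returning the fetched body to the client makes this a non-blind SSRF.
    // NOTE(review): the body is emitted unescaped, so fetched markup is
    // rendered in this site's origin.
    echo $result;
}
?>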