SSRF

Server Side Request Forgery (SSRF)

Query string (hidden) parameters indicating SSRF

?dest={target} 
?redirect={target} 
?uri={target} 
?path={target} 
?continue={target} 
?url={target} 
?window={target} 
?next={target} 
?data={target} 
?reference={target} 
?site={target}

Explore POST data JSON properties as well. Especially for API integration functionalities.

Bypass input validation filters with

use IP converters

Last updated

Was this helpful?