SKILL: Server-Side Request Forgery (SSRF) — Expert Attack Playbook

AI LOAD INSTRUCTION: Expert SSRF techniques. Covers URL filter bypass, cloud metadata endpoints, protocol exploitation, blind SSRF detection, and chaining to RCE. Base models know basic 169.254.169.254 — this file covers what they miss. For real-world CVE chains, DNS Rebinding deep dives, K8s SSRF, and SSRF → Redis → RCE full exploitation, load the companion SCENARIOS.md.

0. QUICK START

Extended Scenarios

Also load SCENARIOS.md when you need:

- WebLogic SSRF (CVE-2014-4210) — uddiexplorer/SearchPublicRegistries.jsp + operator parameter + %0D%0A CRLF to inject Redis commands
- SSRF → internal Redis → write crontab reverse shell complete payload chain
- DNS Rebinding deep dive — TTL=0 trick, initial-legit→second-internal resolution, rbndr.us service
- Kubernetes SSRF (CVE-2020-8555) and bypass (CVE-2020-8562) via DNS rebinding
- SSRF through PDF/screenshot generators — <iframe> and <img> in HTML-to-PDF
- Gopher protocol full TCP injection — Redis, MySQL, FastCGI payloads via Gopherus
- URL parser confusion for filter bypass — #@, \@, %00@, IPv6-mapped IPv4

Advanced Reference