Convert curl commands to code
curl from Google Chrome Open the Network tab in the DevTools Right click (or Ctrl-click) a request Click "Copy" → "Copy as cURL""Copy as cURL (bash)" Paste it in the curl command box above This also works in Safari and Firefox. Warning: the copied command may contain cookies or other sensitive data. Be careful if you're sharing the command with other people, sending someone your cookie for a websi
徳丸浩ã®æ—¥è¨˜: SSRF(Server Side Request Forgery)徹底入門
SSRF(Server Side Request Forgery)ã¨ã„ã†è„†å¼±æ€§ãªã„ã—攻撃手法ãŒæœ€è¿‘注目ã•ã‚Œã¦ã„ã¾ã™ã€‚以下ã¯ã€ã“ã“3ヶ月ã«SSRFã«ã¤ã„ã¦è¨€åŠã•ã‚ŒãŸè¨˜äº‹ã§ã™ã€‚ EC2上ã®AWS CLIã§ä½¿ã‚ã‚Œã¦ã„ã‚‹169.254ã«ã¤ã„㦠SSRF脆弱性を利用ã—ãŸGCE/GKEインスタンスã¸ã®æ”»æ’ƒä¾‹ SSRFを利用ã—ãŸãƒ¡ãƒ¼ãƒ«é€ä¿¡ãƒ‰ãƒ¡ã‚¤ãƒ³ã®ä¹—ã£å–ã‚Š 「CODE BLUE 2018ã€å‚åŠ ãƒ¬ãƒãƒ¼ãƒˆï¼ˆå²©é–“編) ã“ã®ã€Œç©ºå‰ã®SSRFブームã€ã«ä¾¿ä¹—ã—ã¦ã€SSRFã¨ã„ã†æ”»æ’ƒæ‰‹æ³•ãŠã‚ˆã³è„†å¼±æ€§ã«ã¤ã„ã¦èª¬æ˜Žã—ã¾ã™ã€‚ SSRF攻撃ã¨ã¯ SSRF攻撃ã¨ã¯ã€æ”»æ’ƒè€…ã‹ã‚‰ç›´æŽ¥åˆ°é”ã§ããªã„サーãƒãƒ¼ã«å¯¾ã™ã‚‹æ”»æ’ƒæ‰‹æ³•ã®ä¸€ç¨®ã§ã™ã€‚下図ã«SSRF攻撃ã®æ§˜åを示ã—ã¾ã™ã€‚ 攻撃者ã‹ã‚‰ã¯ã€å…¬é–‹ã‚µãƒ¼ãƒãƒ¼ï¼ˆ203.0.113.2)ã«ã¯ã‚¢ã‚¯ã‚»ã‚¹ã§ãã¾ã™ãŒã€å†…部ã®ã‚µãƒ¼ãƒãƒ¼ï¼ˆ192.168.0.5)ã¯ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«ã§éš”離ã•ã‚Œã¦ã„ã‚‹ãŸã‚外部ã‹ã‚‰ç›´æŽ¥
1
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
処ç†ã‚’実行ä¸ã§ã™
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
{{#tags}}- {{label}}
{{/tags}}