Maximize Security and Efficiency with Translation Software: Understanding Web Translation Principles and Vulnerability Risks

SSRF (Server-Side Request Forgery)

0x01. Similar Principle:

Translation: Provide the text to be translated -> Translation software -> Return translated data

A controls B to access C

Web translation principle:

Plan A:
1. Request the target site
2. Obtain the target site data on the browser
3. Translation software returns the data

Plan B:
1. Provide the target URL to the translation website
2. The translation website accesses the target on the user's behalf and obtains the target site data
3. The translation website returns the translated data

0x02. The core of SSRF is attacking the intranet

Through SSRF, the following can be achieved:

Why do some vendors use components with known vulnerabilities?

0x03. How to discover SSRF:

Parameter contains protocol header: http://
Protocol: http:// Any other protocol can try SSRF
Parameter contains filename: a.txt => b.php (x.extension)
(1) File reading
(2) File inclusion
(3) Arbitrary file download

0x04. Differences between SSRF, CSRF, and XSS:

CSRF: Use cookies to make the browser send requests secretly
CSRF (Cross-Site Request Forgery) -> Control the victim’s browser to initiate network requests
Core: The browser sends data packets secretly without the user’s knowledge
XSS: Steal cookies, execute on the browser

SSRF: Execute on the server, make the server send requests secretly (related to the backend, unrelated to the frontend)
SSRF (Server-Side Request Forgery) -> Control the target server to initiate network requests

Testing

Translation software

The translation software can initiate network requests, so SSRF exists. But the core of SSRF is attacking the intranet, so try accessing 127.0.0.1:80 to see whether it can be reached.

Successfully accessed 127.0.0.1:80, so the page is the same. Since it can be accessed, use Burp to run it, and use dict to detect which ports are open.

Found the page has nothing, but opened the page source code and found the flag.
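From the defending side, the fetch-on-behalf design (Plan B) needs a check on the user-supplied URL before the server requests it, so that 127.0.0.1 and non-HTTP schemes such as dict and gopher are refused. The following is an added example, not code from the original article; the function names, the port allow-list and the sample URLs are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # rejects dict://, gopher://, file://
ALLOWED_PORTS = {80, 443}            # assumption: only ordinary web pages are fetched


def resolve(host):
    """Return every address a host maps to; IP literals are parsed without DNS."""
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
        return [ipaddress.ip_address(info[4][0]) for info in infos]


def check_fetch_target(url, resolver=resolve):
    """Return (allowed, reason) for a URL the server is asked to fetch."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return False, "malformed URL"
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not parts.hostname:
        return False, "missing host"
    if port is None:
        port = 443 if scheme == "https" else 80
    if port not in ALLOWED_PORTS:
        return False, "port not allowed"
    try:
        addresses = resolver(parts.hostname)
    except (OSError, UnicodeError):
        return False, "host does not resolve"
    for addr in addresses:
        # Unwrap IPv4-mapped IPv6, then reject loopback/private/link-local (non-global).
        addr = getattr(addr, "ipv4_mapped", None) or addr
        if not addr.is_global:
            return False, f"internal address {addr}"
    return (True, "ok") if addresses else (False, "host does not resolve")


if __name__ == "__main__":
    # Constructed sample inputs (IP literals, so no DNS lookup is made).
    for sample in ("http://127.0.0.1:80/", "dict://127.0.0.1:80/", "http://10.0.0.5/"):
        print(sample, check_fetch_target(sample))
```

A fetcher using this check must connect to the address that was validated and re-run the check on every redirect; otherwise a second DNS lookup or a redirect can still land on an internal address.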

Advanced Content (Using Gopher, Redis Getshell)

0x01. Install Redis

Install Redis in Kali, download the compressed package with the installation version command:

Unzip:
Enter the Redis directory:
Then enter the src folder and start the Redis service
Then start Redis again and enter ping; if it returns pong, it has started normally

0x02. Create root directory and configure Redis

First, you need to use root privileges: create a wwwroot folder in the home folder, and create a default folder in wwwroot to store a one-sentence Trojan horse (a one-line webshell) later. It is the root directory of the website.

I failed to save here; Redis needs to be started with root privileges. I started over, started the Redis server, and ran Redis with root privileges.

0x03. Start Wireshark to monitor the network card

Open Wireshark, select the Kali network card to monitor, then write a one-sentence Trojan horse in the root directory just created in Redis.

Right-click in Wireshark -> Follow TCP Stream -> Copy all content for URL encoding

Since Wireshark was not started to monitor the network card in advance, I started Wireshark here and created a one-sentence Trojan horse again

Right-click directly in Wireshark

Copy the data down and perform URL encoding

After URL encoding, add the prefix, then put it in the search box and click execute. The above picture failed because the question mark was not URL encoded; be sure to URL encode the question mark as well.