{"id":4322,"date":"2021-07-12T15:20:08","date_gmt":"2021-07-12T10:50:08","guid":{"rendered":"https:\/\/liangroup.net\/blog\/?p=2779"},"modified":"2022-02-02T15:32:43","modified_gmt":"2022-02-02T12:02:43","slug":"what-is-ssrf","status":"publish","type":"post","link":"https:\/\/liangroup.net\/blog\/what-is-ssrf\/","title":{"rendered":"What is SSRF? An explanation of the SSRF vulnerability + article download"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"4322\" class=\"elementor elementor-4322\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-f7943d0 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f7943d0\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-587c1a4\" data-id=\"587c1a4\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fce364a elementor-widget elementor-widget-text-editor\" data-id=\"fce364a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify;\">In this article we explain what an SSRF attack (short for Server-Side Request Forgery) is, walk through a few simple examples of it, and explain how you can identify and exploit the various kinds of SSRF vulnerabilities.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n
\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-f8fe28a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f8fe28a\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-aa48b3e\" data-id=\"aa48b3e\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f82d475 elementor-widget elementor-widget-text-editor\" data-id=\"f82d475\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li><a href=\"#what-is-ssrf\"><span style=\"color: #000000;\"><strong>What is SSRF?<\/strong><\/span><\/a><\/li><li><a href=\"#ssrf-consequences\"><span style=\"color: #000000;\"><strong>What are the consequences of SSRF attacks?<\/strong><\/span><\/a><\/li><li><a href=\"#types-of-ssrf\"><span style=\"color: #000000;\"><strong>Common types of SSRF attacks<\/strong><\/span><\/a><\/li><li><a href=\"#ssrf-attack-against-server\"><span style=\"color: #000000;\"><strong>SSRF attacks against the server itself<\/strong><\/span><\/a><\/li><li><a href=\"#ssrf-attacks-against-other-systems\"><span style=\"color: #000000;\"><strong>SSRF attacks against other back-end systems<\/strong><\/span><\/a><\/li><li><a href=\"#defence-bypass-against-ssrf\"><span style=\"color: #000000;\"><strong>Bypassing defences against SSRF<\/strong><\/span><\/a><\/li><li><a href=\"#ssrf-bypass-with-open-redirection\"><span style=\"color: #000000;\"><strong>Bypassing SSRF filters by exploiting Open Redirection<\/strong><\/span><\/a><\/li><li><a href=\"#blind-ssrf\"><span style=\"color: #000000;\"><strong>The Blind SSRF vulnerability<\/strong><\/span><\/a><\/li><li><a href=\"#blind-ssrf-impact\"><span style=\"color: #000000;\"><strong>What is the impact of a Blind SSRF vulnerability?<\/strong><\/span><\/a><\/li><li><a href=\"#finding-&amp;-exploiting-blind-ssrf\"><span style=\"color: #000000;\"><strong>How to find and exploit Blind SSRF vulnerabilities<\/strong><\/span><\/a><\/li><li><a href=\"#finding-attack-level-of-hidden-ssrf\"><strong><span style=\"color: #000000;\">Finding the hidden attack surface of SSRF vulnerabilities<\/span><\/strong><\/a><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n
\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-bf18463 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"bf18463\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-bf57a5f\" data-id=\"bf57a5f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-7e2d6af elementor-widget elementor-widget-text-editor\" data-id=\"7e2d6af\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 id=\"what-is-ssrf\"><strong>What is SSRF?<\/strong><\/h2>\n<p style=\"text-align: justify;\">Server-side request forgery, or SSRF, is a web vulnerability that lets an attacker make the server-side application send HTTP requests to a domain of the attacker's choosing.<\/p>\n<p style=\"text-align: justify;\">In typical SSRF cases, the attacker may cause the server to connect to itself (over loopback), to other web services inside the organisation's infrastructure, or to arbitrary external systems.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n
\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-955404a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"955404a\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f59d4a3\" data-id=\"f59d4a3\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5341de6 elementor-widget elementor-widget-image\" data-id=\"5341de6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"780\" height=\"439\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2020\/06\/1.png\" class=\"attachment-large size-large wp-image-12678\" alt=\"ssrf\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2020\/06\/1.png 781w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2020\/06\/1-300x169.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2020\/06\/1-768x433.png 768w\" sizes=\"(max-width: 780px) 100vw, 780px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n
\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-db40f66 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"db40f66\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-fd3c4c8\" data-id=\"fd3c4c8\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f83cb1b elementor-widget elementor-widget-text-editor\" data-id=\"f83cb1b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 id=\"ssrf-consequences\"><strong>What are the consequences of SSRF attacks?<\/strong><\/h2>\n<p style=\"text-align: justify;\">A successful SSRF attack can usually lead to unauthorised actions or unauthorised access to data inside an organisation. These consequences may affect the vulnerable application itself, or they may hit the back-end systems the application communicates with. In some cases, an SSRF vulnerability may allow the attacker to carry out ACE attacks (Arbitrary Code Execution).<\/p>\n<p style=\"text-align: justify;\">An SSRF exploit that causes a connection to an arbitrary external system may result in malicious attacks that appear to originate from the organisation hosting the vulnerable application, and may therefore create legal problems and damage the organisation's reputation.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n
\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1a68138 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1a68138\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0dfed0c\" data-id=\"0dfed0c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-05d51e2 elementor-widget elementor-widget-text-editor\" data-id=\"05d51e2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"color: #0000ff; font-size: 14pt;\">Related post<\/span><\/p><ul><li><a href=\"https:\/\/liangroup.net\/blog\/csrf\/\"><strong>What is the CSRF vulnerability?<\/strong><\/a><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n
\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-9f7ecd3 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9f7ecd3\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-95a7bfe\" data-id=\"95a7bfe\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-082e640 elementor-widget elementor-widget-text-editor\" data-id=\"082e640\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 id=\"types-of-ssrf\"><strong>Common types of SSRF attacks<\/strong><\/h2>\n<p style=\"text-align: justify;\">SSRF attacks usually exploit the trust relationships that exist between different systems, in order to extend the reach of the attack beyond the vulnerable application and carry out the unauthorised actions the attacker has in mind. This trust may exist on the same server that hosts the application, or it may extend to other back-end systems within the same organisation; SSRF attacks can therefore be divided into two main categories: attacks against the server itself, and attacks against other back-end systems in the organisation.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n
\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-291eb36 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"291eb36\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-dd379bf\" data-id=\"dd379bf\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-faf14db elementor-widget elementor-widget-text-editor\" data-id=\"faf14db\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3 id=\"ssrf-attack-against-server\"><strong>SSRF attacks against the server itself<\/strong><\/h3>\n<p style=\"text-align: justify;\">In SSRF attacks against the server itself, the attacker makes the application send an HTTP request, over its own loopback network interface, back to the server that hosts it. This usually requires supplying a URL whose host name is 127.0.0.1 (a reserved IP address that belongs to the loopback adapter) or localhost (the name commonly used for the same adapter).<\/p>\n<p style=\"text-align: justify;\">For example, consider a shopping application that lets users check the stock of a particular product in a particular store. To obtain the stock information, the application has to query various back-end REST APIs, depending on the product and the store. This feature is implemented by passing the URL of the relevant back-end API endpoint in a front-end HTTP request. When a user wants to see the stock status of a product, their browser sends a request like this to the application:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n
\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-acca150 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"acca150\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-117e4e8\" data-id=\"117e4e8\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-b2ce2e1 elementor-widget elementor-widget-text-editor\" data-id=\"b2ce2e1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"direction: ltr; text-align: left;\"><strong><span style=\"color: #ffffff;\">POST \/product\/stock HTTP\/1.0<\/span><\/strong><\/p><p style=\"direction: ltr; text-align: left;\"><strong><span style=\"color: #ffffff;\">Content-Type: application\/x-www-form-urlencoded<\/span><\/strong><\/p><p style=\"direction: ltr; text-align: left;\"><strong><span style=\"color: #ffffff;\">Content-Length: 118<\/span><\/strong><\/p><p style=\"direction: ltr; text-align: left;\"><strong><span style=\"color: #ffffff;\">stockApi=http:\/\/stock.weliketoshop.net:8080\/product\/stock\/check%3FproductId%3D6%26storeId%3D1<\/span><\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n
\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-9347a50 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9347a50\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-180e75a\" data-id=\"180e75a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fc6178e elementor-widget elementor-widget-text-editor\" data-id=\"fc6178e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify;\">This request causes the server to send a request to the specified URL, retrieve the product's stock status, and return it to the user.<\/p><p style=\"text-align: justify;\">An attacker can now modify the request and put in it a URL that points to the server itself. For example:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n
\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-00d94bc elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"00d94bc\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2deaa3a\" data-id=\"2deaa3a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6c9ece8 elementor-widget elementor-widget-text-editor\" data-id=\"6c9ece8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\"><strong>POST \/product\/stock HTTP\/1.0<\/strong><\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\"><strong>Content-Type: application\/x-www-form-urlencoded<\/strong><\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\"><strong>Content-Length: 118<\/strong><\/span><\/p><p style=\"direction: ltr; text-align: left;\">\u00a0<\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\"><strong>stockApi=http:\/\/localhost\/admin<\/strong><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n
\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-7e242e6 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7e242e6\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-225beb4\" data-id=\"225beb4\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-da464b0 elementor-widget elementor-widget-text-editor\" data-id=\"da464b0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify;\">On receiving this request, the server returns the contents of the \/admin URL to the user.<\/p><p style=\"text-align: justify;\">Of course, the attacker could simply visit the \/admin URL directly; but admin-only functionality is normally available only to users who have authenticated appropriately. So when the attacker visits this URL directly, they get nothing of value. But when the request to \/admin appears to come directly from the local machine, the usual access controls are no longer applied (they are bypassed). In response to such a request, the application grants full access to the admin functionality, because the request appears to have been sent from a trusted location.<\/p><p style=\"text-align: justify;\">But why do applications behave this way and implicitly trust requests that come from the local machine? There can be several reasons for this:<\/p><ul style=\"text-align: justify;\"><li>The access-control mechanism may be implemented in a separate
\u0634\u062f\u0647 \u0628\u0627\u0634\u062f \u06a9\u0647 \u062c\u0644\u0648\u06cc \u0633\u0631\u0648\u0631 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0642\u0631\u0627\u0631 \u062f\u0627\u0631\u062f. \u0648\u0642\u062a\u06cc \u06cc\u06a9 \u0627\u062a\u0635\u0627\u0644 \u0627\u0632 \u0633\u0631\u0648\u0631 \u0628\u0647 \u062e\u0648\u062f\u0634 \u0627\u0646\u062c\u0627\u0645 \u0645\u06cc\u200c\u0634\u0648\u062f\u060c \u062a\u0648\u0633\u0637 \u0627\u06cc\u0646 \u0631\u0627\u0647\u06a9\u0627\u0631 \u0628\u0631\u0631\u0633\u06cc \u0646\u0645\u06cc\u200c\u0634\u0648\u062f.<\/li><li>\u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0628\u0631\u0627\u06cc \u062a\u0633\u0647\u06cc\u0644 \u0628\u0627\u0632\u06cc\u0627\u0628\u06cc \u0627\u0632 \u062d\u0627\u062f\u062b\u0647\u060c \u0628\u0647 \u062a\u0645\u0627\u0645 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646\u06cc \u06a9\u0647 \u0627\u0632 \u0645\u0627\u0634\u06cc\u0646\u200c\u0647\u0627\u06cc \u0645\u062d\u0644\u06cc \u0622\u0645\u062f\u0647\u200c\u0627\u0646\u062f\u060c \u0628\u062f\u0648\u0646 \u0646\u06cc\u0627\u0632 \u0628\u0647 \u0644\u0627\u06af\u06cc\u0646 \u0627\u062c\u0627\u0632\u0647\u200c\u06cc \u062f\u0633\u062a\u0631\u0633\u06cc \u0633\u0637\u062d \u0627\u062f\u0645\u06cc\u0646 \u0631\u0627 \u0628\u062f\u0647\u062f. \u0627\u06cc\u0646 \u06af\u0648\u0646\u0647 \u0627\u06af\u0631 \u0627\u062f\u0645\u06cc\u0646 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0648\u0631\u0648\u062f \u062e\u0648\u062f \u0631\u0627 \u0641\u0631\u0627\u0645\u0648\u0634 \u06a9\u0631\u062f\u060c \u0631\u0627\u0647\u06cc \u0628\u0631\u0627\u06cc \u0628\u0627\u0632\u06cc\u0627\u0628\u06cc \u0633\u06cc\u0633\u062a\u0645 \u062f\u0627\u0631\u062f. 
\u062f\u0631 \u0627\u06cc\u0646\u200c\u062c\u0627 \u0641\u0631\u0636 \u0628\u0631 \u0627\u06cc\u0646 \u0627\u0633\u062a \u06a9\u0647 \u0641\u0642\u0637 \u06a9\u0627\u0631\u0628\u0631\u06cc \u0645\u0633\u062a\u0642\u06cc\u0645\u0627 \u0627\u0632 \u062e\u0648\u062f \u0633\u0631\u0648\u0631 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0627\u0631\u0633\u0627\u0644 \u0645\u06cc\u200c\u06a9\u0646\u062f \u06a9\u0647 \u06a9\u0627\u0645\u0644\u0627 \u0645\u0648\u0631\u062f \u0627\u0639\u062a\u0645\u0627\u062f \u0627\u0633\u062a.<\/li><li>\u067e\u0648\u0631\u062a\u06cc \u06a9\u0647 \u0631\u0627\u0628\u0637 \u0634\u0628\u06a9\u0647\u200c\u06cc \u0627\u062f\u0645\u06cc\u0646 \u0628\u0647 \u0622\u0646 \u06af\u0648\u0634 \u0645\u06cc\u200c\u06a9\u0646\u062f \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0628\u0627 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0627\u0635\u0644\u06cc \u0645\u062a\u0641\u0627\u0648\u062a \u0628\u0627\u0634\u062f\u060c \u0648 \u0628\u0647 \u0647\u0645\u06cc\u0646 \u0639\u0644\u062a \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0628\u0647\u200c\u0635\u0648\u0631\u062a \u0645\u0633\u062a\u0642\u06cc\u0645 \u062a\u0648\u0633\u0637 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0642\u0627\u0628\u0644 \u062f\u0633\u062a\u0631\u0633\u06cc \u0646\u0628\u0627\u0634\u062f.<\/li><\/ul><p style=\"text-align: justify;\">\u0639\u0645\u062f\u062a\u0627\u064b \u0627\u06cc\u0646 \u0627\u0639\u062a\u0645\u0627\u062f\u0647\u0627 \u0647\u0633\u062a\u0646\u062f \u06a9\u0647 SSRF \u0631\u0627 \u062a\u0628\u062f\u06cc\u0644 \u0628\u0647 \u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062d\u06cc\u0627\u062a\u06cc \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f\u061b \u06cc\u0639\u0646\u06cc \u0632\u0645\u0627\u0646\u06cc \u06a9\u0647 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a\u200e\u0647\u0627\u06cc \u0627\u0631\u0633\u0627\u0644\u200c\u0634\u062f\u0647 \u0627\u0632 \u0645\u0627\u0634\u06cc\u0646 \u0645\u062d\u0644\u06cc \u0646\u0633\u0628\u062a 
\u0628\u0647 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a\u200c\u0647\u0627\u06cc \u0645\u0639\u0645\u0648\u0644\u06cc \u0628\u0647 \u0631\u0648\u0634 \u0645\u062a\u0641\u0627\u0648\u062a\u06cc \u067e\u0631\u062f\u0627\u0632\u0634 \u0645\u06cc\u200c\u0634\u0648\u0646\u062f.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-cf612d3 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"cf612d3\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-a406af6\" data-id=\"a406af6\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-caa0414 elementor-widget elementor-widget-text-editor\" data-id=\"caa0414\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3 id=\"ssrf-attacks-against-other-systems\"><strong>\u062d\u0645\u0644\u0627\u062a SSRF \u0639\u0644\u06cc\u0647 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u0628\u06a9\u200c\u0627\u0646\u062f \u062f\u06cc\u06af\u0631<\/strong><\/h3><p style=\"text-align: justify;\">\u0646\u0648\u0639 \u062f\u06cc\u06af\u0631\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u0627\u0639\u062a\u0645\u0627\u062f\u0647\u0627 \u06a9\u0647 \u0645\u0639\u0645\u0648\u0644\u0627 \u0632\u0645\u06cc\u0646\u0647\u200c\u06cc \u062d\u0645\u0644\u0627\u062a SSRF \u0631\u0627 \u0628\u0647 \u0648\u062c\u0648\u062f \u0645\u06cc\u200c\u0622\u0648\u0631\u0646\u062f\u060c \u0645\u0631\u0628\u0648\u0637 
\u0628\u0647 \u0645\u0648\u0627\u0642\u0639\u06cc \u0627\u0633\u062a \u06a9\u0647 \u0633\u0631\u0648\u0631 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0627 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u0628\u06a9\u200c\u0627\u0646\u062f \u062f\u06cc\u06af\u0631\u06cc \u062a\u0639\u0627\u0645\u0644 \u06a9\u0646\u062f \u06a9\u0647 \u0628\u0647\u200c\u0637\u0648\u0631 \u0645\u0633\u062a\u0642\u06cc\u0645 \u062f\u0631 \u062f\u0633\u062a\u0631\u0633 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0646\u06cc\u0633\u062a\u0646\u062f. \u0627\u06cc\u0646 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627 \u0645\u0639\u0645\u0648\u0644\u0627 \u0622\u062f\u0631\u0633\u200c\u0647\u0627\u06cc IP \u062e\u0635\u0648\u0635\u06cc non-routable \u062f\u0627\u0631\u0646\u062f (\u06cc\u0639\u0646\u06cc \u0627\u0632 \u062e\u0627\u0631\u062c \u0634\u0628\u06a9\u0647 \u0646\u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0628\u0627 \u0622\u0646\u200c\u0647\u0627 \u0627\u0631\u062a\u0628\u0627\u0637 \u0628\u0631\u0642\u0631\u0627\u0631 \u06a9\u0631\u062f). \u0627\u0632 \u0622\u0646\u200c\u062c\u0627\u06cc\u06cc \u06a9\u0647 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u0628\u06a9\u200c\u0627\u0646\u062f \u0645\u0639\u0645\u0648\u0644\u0627 \u0628\u0647 \u0635\u0648\u0631\u062a \u0645\u0633\u062a\u0642\u06cc\u0645 \u062a\u0648\u0633\u0637 \u062a\u0648\u067e\u0648\u0644\u0648\u0698\u06cc \u0634\u0628\u06a9\u0647 \u0645\u062d\u0627\u0641\u0638\u062a \u0645\u06cc\u200c\u0634\u0648\u0646\u062f\u060c \u0639\u0645\u062f\u062a\u0627\u064b \u0648\u0636\u0639\u06cc\u062a \u0627\u0645\u0646\u06cc\u062a\u06cc \u0636\u0639\u06cc\u0641\u200c\u062a\u0631\u06cc \u062f\u0627\u0631\u0646\u062f. 
\u062f\u0631 \u0628\u0633\u06cc\u0627\u0631\u06cc \u0627\u0632 \u0645\u0648\u0627\u0631\u062f\u060c \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u0628\u06a9\u200c\u0627\u0646\u062f \u062f\u0627\u062e\u0644\u06cc \u0639\u0645\u0644\u06a9\u0631\u062f\u0647\u0627\u06cc \u062d\u0633\u0627\u0633\u06cc \u0631\u0627 \u0627\u0646\u062c\u0627\u0645 \u0645\u06cc\u200c\u062f\u0647\u0646\u062f \u06a9\u0647 \u0647\u0631\u06a9\u0633 \u0628\u062a\u0648\u0627\u0646\u062f \u0628\u0627 \u0627\u06cc\u0646 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627 \u062a\u0639\u0627\u0645\u0644 \u06a9\u0646\u062f\u060c \u0628\u062f\u0648\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0628\u0647 \u0622\u0646\u200c\u0647\u0627 \u062f\u0633\u062a\u0631\u0633\u06cc \u062f\u0627\u0631\u062f.<\/p><p style=\"text-align: justify;\">\u062f\u0631 \u0645\u062b\u0627\u0644 \u0642\u0628\u0644\u06cc\u060c \u0641\u0631\u0636 \u06a9\u0646\u06cc\u062f \u06cc\u06a9 \u0631\u0627\u0628\u0637 \u0627\u062f\u0645\u06cc\u0646 \u062f\u0631 \u0622\u062f\u0631\u0633 URL \u0628\u06a9\u200c\u0627\u0646\u062f 192.168.0.68\/admin \u0642\u0631\u0627\u0631 \u062f\u0627\u0631\u062f. 
An attacker can then exploit the SSRF vulnerability to reach that administrative interface by submitting the following request:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-518ce27 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"518ce27\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c62750b\" data-id=\"c62750b\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-91dbde0 elementor-widget elementor-widget-text-editor\" data-id=\"91dbde0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\"><strong>POST \/product\/stock HTTP\/1.0<\/strong><\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\"><strong>Content-Type: application\/x-www-form-urlencoded<\/strong><\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\"><strong>Content-Length: 34<\/strong><\/span><\/p><p style=\"direction: ltr; text-align: left;\">\u00a0<\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\"><strong>stockApi=http:\/\/192.168.0.68\/admin<\/strong><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-3489261 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"3489261\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b36d4a7\" data-id=\"b36d4a7\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-b6ab966 elementor-widget elementor-widget-text-editor\" data-id=\"b6ab966\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 id=\"defence-bypass-against-ssrf\"><strong>Circumventing common SSRF defences<\/strong><\/h2>\n<p style=\"text-align: justify;\">Many applications that contain SSRF vulnerabilities also have defences in place that are intended to prevent malicious exploitation. 
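Both requests above work only because the server fetches whatever URL arrives in the stockApi parameter. As an added example, not code from the original article, here is that pattern in Python next to a hardened version that applies the kind of defence just mentioned: parse the URL with a real parser, allow-list the host, resolve the name, and refuse anything that lands on an internal address. The endpoint, the allow-listed host stock.example.com, the address 93.184.216.34 and the DNS answers in the two constructed resolvers are assumptions made so that the example runs offline.

```python
"""Added example, not code from the original article: the server-side fetch
behind the stockApi requests shown above, next to a hardened version.

The endpoint, the allow-listed host stock.example.com, the address
93.184.216.34 and the answers in the two constructed resolvers are assumptions
made so that the example runs offline.
"""
import ipaddress
import socket
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlsplit
from urllib.request import urlopen

Resolver = Callable[[str], List[str]]


def vulnerable_fetch_stock(stock_api_url: str) -> bytes:
    """The pattern the attack relies on: the URL from the stockApi parameter is
    fetched as-is from the server's own network position and the body is
    handed back, so http://localhost/admin or http://192.168.0.68/admin come
    back exactly like a stock page would."""
    with urlopen(stock_api_url, timeout=5) as resp:
        return resp.read()


# Hardened version. The feature only ever needs one stock service, so it
# allow-lists that host and, as defence in depth, refuses any URL whose name
# resolves to an internal address.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"stock.example.com"}            # assumed legitimate stock API


def system_resolver(hostname: str) -> List[str]:
    """Default resolver: every address the OS returns for the name."""
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})


def is_internal(addr: str) -> bool:
    """Loopback, RFC 1918, link-local (169.254.169.254 metadata), reserved,
    multicast or unspecified, for IPv4 and IPv6 including IPv4-mapped v6."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                      # ::ffff:127.0.0.1 is loopback
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def validate_stock_url(url: str,
                       resolver: Resolver = system_resolver) -> Tuple[bool, str, List[str]]:
    """Return (allowed, reason, resolved_addrs). Connect to one of the returned
    addresses rather than resolving again, so the DNS answer cannot change
    between this check and the request."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, f"unparseable URL: {exc}", []
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed", []
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL", []
    host = parts.hostname                        # from the parser, not a substring test
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not on allow-list", []
    try:
        addrs = resolver(host)
    except OSError as exc:
        return False, f"resolution failed: {exc}", []
    internal = [a for a in addrs if is_internal(a)]
    if internal or not addrs:
        return False, f"{host!r} resolves to internal address(es) {internal}", []
    return True, "ok", addrs


def make_resolver(table: Dict[str, List[str]]) -> Resolver:
    """Constructed DNS answers so the checks run offline."""
    def resolve(hostname: str) -> List[str]:
        if hostname not in table:
            raise socket.gaierror(f"no answer for {hostname}")
        return table[hostname]
    return resolve


NORMAL_DNS = make_resolver({"stock.example.com": ["93.184.216.34"]})
# The legitimate name pointed at loopback (a compromised zone or DNS
# rebinding): the allow-list alone would let this through.
REBOUND_DNS = make_resolver({"stock.example.com": ["127.0.0.1"]})


def demo() -> Dict[str, bool]:
    """The two URLs from the article's requests plus a few more."""
    cases = {
        "legit": "http://stock.example.com/v1/stock?productId=1",
        "local": "http://localhost/admin",
        "backend": "http://192.168.0.68/admin",
        "userinfo": "http://stock.example.com@192.168.0.68/admin",
        "scheme": "file:///etc/passwd",
    }
    results = {name: validate_stock_url(u, NORMAL_DNS)[0] for name, u in cases.items()}
    results["rebound"] = validate_stock_url(cases["legit"], REBOUND_DNS)[0]
    return results


if __name__ == "__main__":
    print(demo())
```

The narrowest fix for this particular feature is narrower still: accept a product identifier rather than a URL and build the back-end request server-side. Where an application genuinely must fetch user-supplied URLs, the shape of validate_stock_url is the check to keep (parse, allow-list by hostname, resolve, test every returned address, connect to the address you tested). The localhost case in the first request only works because the application trusts a request by where it comes from; administrative functionality should require authentication whatever the request's origin.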
Often, though, these defences can be circumvented.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-62d792c elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"62d792c\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-18bccb9\" data-id=\"18bccb9\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f36dcd1 elementor-widget elementor-widget-text-editor\" data-id=\"f36dcd1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3><strong>SSRF with blacklist-based input filters<\/strong><\/h3><p style=\"text-align: justify;\">Some applications block input that contains hostnames such as 127.0.0.1 and localhost, or sensitive URLs such as \/admin. In these cases you can often circumvent the filter with techniques such as:<\/p><ul><li style=\"text-align: justify;\">Using an alternative representation of the IP address 127.0.0.1, such as 2130706433, 017700000001 or 127.1<\/li><li style=\"text-align: justify;\">Registering your own domain name that resolves to 127.0.0.1. You can use spoofed.burpcollaborator.net for this purpose.<\/li><li style=\"text-align: justify;\">Obfuscating blocked strings using URL encoding or case variation<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5a18916 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"5a18916\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c73ea6d\" data-id=\"c73ea6d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-de58668 elementor-widget elementor-widget-text-editor\" data-id=\"de58668\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3><strong>SSRF with whitelist-based input filters<\/strong><\/h3><p style=\"text-align: justify;\">Some applications only allow input that matches, begins with, or contains a whitelist of permitted values. 
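As an added example, not code from the original article, the following Python puts the blacklist bypasses listed above and the whitelist parsing tricks described in the rest of this section side by side: a naive substring filter of each kind, the host a real URL parser extracts (with inet_aton-style numeric spellings such as 2130706433, 017700000001 and 127.1 normalised to dotted-quad form), and a stricter check. The sample URLs are constructed; expected-host and evil-host are the placeholder names this article uses; and the assumption that the back-end client percent-decodes a URL before parsing it models one possible client and is marked as such in the code.

```python
"""Added example, not code from the original article: what string-based SSRF
filters see, versus the host the HTTP client will actually connect to.

Sample URLs are constructed. expected-host / evil-host are the article's
placeholders. The "client percent-decodes the URL before parsing" behaviour is
an ASSUMPTION about one possible back-end client, included to show the
parser-discrepancy class of bug.
"""
from typing import Optional
from urllib.parse import unquote, urlsplit


def parse_ipv4_literal(text: str) -> Optional[int]:
    """Parse an IPv4 literal the way classic inet_aton() and many HTTP clients
    do: one to four dot-separated parts, each decimal, octal (leading 0) or
    hex (0x), with the last part filling all remaining bytes. Returns the
    32-bit address, or None if the text is not such a literal."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = []
    for p in parts:
        base = 16 if p.lower().startswith("0x") else 8 if len(p) > 1 and p[0] == "0" else 10
        try:
            values.append(int(p, base))
        except ValueError:
            return None
    *head, last = values
    width = 8 * (4 - len(head))                  # bits left for the last part
    if any(not 0 <= v <= 255 for v in head) or not 0 <= last < (1 << width):
        return None
    addr = 0
    for v in head:
        addr = (addr << 8) | v
    return (addr << width) | last


def dotted_quad(addr: int) -> str:
    return ".".join(str((addr >> s) & 0xFF) for s in (24, 16, 8, 0))


def client_host(url: str) -> str:
    """Host as a real URL parser sees it (credentials and fragment stripped,
    case folded), with inet_aton-style literals normalised to dotted quad."""
    host = urlsplit(url).hostname or ""
    n = parse_ipv4_literal(host)
    return dotted_quad(n) if n is not None else host


# --- blacklist filter --------------------------------------------------------
BLOCKED = ("127.0.0.1", "localhost")


def naive_blacklist_allows(url: str) -> bool:
    """Substring match on the raw, case-sensitive string."""
    return not any(b in url for b in BLOCKED)


def normalised_blacklist_allows(url: str) -> bool:
    """Same policy on the normalised host. Still only a blacklist: a DNS name
    that resolves to 127.0.0.1 passes unless the name is resolved and the
    address itself is checked."""
    return client_host(url) not in BLOCKED


# --- whitelist filter --------------------------------------------------------
EXPECTED = "expected-host"


def naive_whitelist_allows(url: str) -> bool:
    """Prefix or substring match, as in ad hoc checks."""
    return url.startswith(f"https://{EXPECTED}") or EXPECTED in url


def parser_whitelist_allows(url: str) -> bool:
    """Parser-based hostname comparison: defeats the @, # and subdomain tricks
    but still judges the raw string, not what the client will do with it."""
    p = urlsplit(url)
    return p.scheme == "https" and p.hostname == EXPECTED


def decoding_client_host(url: str) -> str:
    """ASSUMED client behaviour: percent-decode the whole URL, then parse."""
    return client_host(unquote(url))


def robust_whitelist_allows(url: str) -> bool:
    """Reject embedded credentials outright and require the expected host both
    as parsed and after the decoding the client is assumed to apply."""
    p = urlsplit(url)
    return (p.scheme == "https" and p.username is None and p.password is None
            and p.hostname == EXPECTED and decoding_client_host(url) == EXPECTED)


def evaluate(url: str) -> dict:
    """One row per filter, for side-by-side comparison of a candidate URL."""
    return {
        "naive_blacklist": naive_blacklist_allows(url),
        "normalised_blacklist": normalised_blacklist_allows(url),
        "naive_whitelist": naive_whitelist_allows(url),
        "parser_whitelist": parser_whitelist_allows(url),
        "robust_whitelist": robust_whitelist_allows(url),
        "client_host": client_host(url),
        "decoding_client_host": decoding_client_host(url),
    }


if __name__ == "__main__":
    for u in ("http://2130706433/admin", "http://LOCALHOST/admin",
              "https://expected-host@evil-host", "https://evil-host%23@expected-host/"):
        print(u, evaluate(u))
```

The last sample, https://evil-host%23@expected-host/, is the parser-discrepancy case: a filter that parses the raw string sees expected-host as the hostname, while a client that percent-decodes first sees https://evil-host#@expected-host/ and connects to evil-host. A check that passes the parser test but fails the decoded one is exactly the gap the URL-encoding technique below exploits.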
\u0628\u0639\u0636\u06cc \u0627\u0648\u0642\u0627\u062a \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u062f \u0628\u0627 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0634\u06a9\u0627\u0641\u200c\u0647\u0627\u06cc \u0645\u0648\u062c\u0648\u062f \u062f\u0631 \u0641\u0631\u0627\u06cc\u0646\u062f \u062a\u062c\u0632\u06cc\u0647 URL (\u06cc\u0627 URL Parsing)\u060c \u0627\u06cc\u0646 \u0641\u06cc\u0644\u062a\u0631 \u0631\u0627 \u062f\u0648\u0631 \u0628\u0632\u0646\u06cc\u062f.<\/p><p style=\"text-align: justify;\">URL \u062f\u0631 \u062a\u0639\u0631\u06cc\u0641 \u062e\u0648\u062f \u0642\u0627\u0628\u0644\u06cc\u062a\u200c\u0647\u0627\u06cc\u06cc \u062f\u0627\u0631\u062f \u06a9\u0647 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0647\u0646\u06af\u0627\u0645 \u067e\u06cc\u0627\u062f\u0647\u200c\u0633\u0627\u0632\u06cc \u067e\u0627\u0631\u0633\u0631\u0647\u0627\u06cc ad hoc \u0648 \u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc URL\u060c \u0628\u0647 \u0622\u0646\u200c\u0647\u0627 \u062a\u0648\u062c\u0647 \u0646\u0634\u062f\u0647 \u0628\u0627\u0634\u062f (\u062f\u0631 \u0645\u062b\u0627\u0644\u200c\u0647\u0627 \u0628\u0647 \u062c\u0627\u06cc \u0622\u062f\u0631\u0633 \u0647\u0627\u0633\u062a \u0645\u0648\u0631\u062f \u0627\u0646\u062a\u0638\u0627\u0631 expected-host \u0648 \u0628\u0647 \u062c\u0627\u06cc \u0622\u062f\u0631\u0633 \u0647\u0627\u0633\u062a \u063a\u06cc\u0631\u0645\u062c\u0627\u0632 evil-host \u0642\u0631\u0627\u0631 \u062f\u0627\u062f\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a):<\/p><ul><li style=\"text-align: justify;\">\u0634\u0645\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u062f \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u06a9\u0627\u0631\u0627\u06a9\u062a\u0631 @\u060c \u062f\u0631 \u062f\u0644 URL \u0648 \u0642\u0628\u0644 \u0627\u0632 \u0646\u0627\u0645 \u0647\u0627\u0633\u062a\u060c \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0648\u0631\u0648\u062f \u0631\u0627 \u0642\u0631\u0627\u0631 
\u062f\u0647\u06cc\u062f. \u0628\u0631\u0627\u06cc \u0645\u062b\u0627\u0644:<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-0026063 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0026063\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ad1ab8e\" data-id=\"ad1ab8e\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fc71daa elementor-widget elementor-widget-text-editor\" data-id=\"fc71daa\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"direction: ltr; text-align: left;\"><strong>https:\/\/expected-host@evil-host<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-fc03fc4 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"fc03fc4\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8f6037b\" data-id=\"8f6037b\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div 
class=\"elementor-element elementor-element-6ff5f63 elementor-widget elementor-widget-text-editor\" data-id=\"6ff5f63\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li>\u0634\u0645\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u062f \u0627\u0632 \u06a9\u0627\u0631\u0627\u06a9\u062a\u0631 # \u0628\u0631\u0627\u06cc \u0646\u0634\u0627\u0646\u200c\u062f\u0627\u062f\u0646 \u06cc\u06a9 URL Fragment \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u062f. \u0628\u0631\u0627\u06cc \u0645\u062b\u0627\u0644:<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-33660fa elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"33660fa\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-26b39af\" data-id=\"26b39af\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d7b4738 elementor-widget elementor-widget-text-editor\" data-id=\"d7b4738\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"direction: ltr; text-align: left;\"><span style=\"color: #000000;\"><strong>https:\/\/evil-host#expected-host<\/strong><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section 
elementor-top-section elementor-element elementor-element-aa7c96b elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"aa7c96b\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-25bebde\" data-id=\"25bebde\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-35c5957 elementor-widget elementor-widget-text-editor\" data-id=\"35c5957\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li>\u0634\u0645\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u062f \u0627\u0632 \u0633\u0644\u0633\u0644\u0647 \u0645\u0631\u0627\u062a\u0628 \u0646\u0627\u0645\u200c\u06af\u0630\u0627\u0631\u06cc \u0648 \u062a\u0631\u062a\u06cc\u0628 \u062a\u0628\u062f\u06cc\u0644 \u0646\u0627\u0645 \u062f\u0627\u0645\u0646\u0647 \u0628\u0647 IP \u062f\u0631 \u0633\u06cc\u0633\u062a\u0645 DNS \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u062f \u0648 \u0648\u0631\u0648\u062f\u06cc \u0645\u0648\u0631\u062f \u0646\u0638\u0631 \u062e\u0648\u062f \u0631\u0627 \u062f\u0631 \u0646\u0627\u0645 \u062f\u0627\u0645\u0646\u0647\u200c\u0627\u06cc \u0628\u06af\u0630\u0627\u0631\u06cc\u062f \u06a9\u0647 \u0627\u0632 \u0646\u0638\u0631 \u0641\u06cc\u0644\u062a\u0631 \u0648\u0631\u0648\u062f\u06cc \u06a9\u0627\u0645\u0644\u0627 \u0645\u062c\u0627\u0632 \u0627\u0633\u062a \u0648\u0644\u06cc \u062f\u0631 \u06a9\u0646\u062a\u0631\u0644 \u0634\u0645\u0627\u0633\u062a. 
\u0628\u0631\u0627\u06cc \u0645\u062b\u0627\u0644:<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-3fc3985 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"3fc3985\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-a72762f\" data-id=\"a72762f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-efb316f elementor-widget elementor-widget-text-editor\" data-id=\"efb316f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"direction: ltr; text-align: left;\"><span style=\"color: #000000;\"><strong>https:\/\/expected-host.evil-host<\/strong><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-d7120ca elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d7120ca\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e021d08\" data-id=\"e021d08\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div 
class=\"elementor-element elementor-element-9c4bc95 elementor-widget elementor-widget-text-editor\" data-id=\"9c4bc95\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li style=\"text-align: justify;\">You can URL-encode characters to confuse the code that parses the URL. This is especially useful when URL-encoded characters are handled differently by the code that implements the filter and by the code that performs the back-end HTTP request.<\/li><li style=\"text-align: justify;\">You can use a combination of these techniques.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-b16139e elementor-section-content-middle elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b16139e\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-cf6323f\" data-id=\"cf6323f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4fd03ed elementor-widget elementor-widget-text-editor\" data-id=\"4fd03ed\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3 id=\"ssrf-bypass-with-open-redirection\"><strong>Bypassing SSRF filters by exploiting Open Redirection<\/strong><\/h3>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-5050b65\" data-id=\"5050b65\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-bb029a4 elementor-widget elementor-widget-image\" data-id=\"bb029a4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"780\" height=\"410\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2020\/06\/open-redirection-vulnerability-information-prevention-1024x538.jpg\" class=\"attachment-large size-large wp-image-12685\" alt=\"open redirection\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2020\/06\/open-redirection-vulnerability-information-prevention-1024x538.jpg 1024w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2020\/06\/open-redirection-vulnerability-information-prevention-300x158.jpg 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2020\/06\/open-redirection-vulnerability-information-prevention-768x403.jpg 768w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2020\/06\/open-redirection-vulnerability-information-prevention.jpg 1200w\" sizes=\"(max-width: 780px) 100vw, 780px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-a480a7b elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"a480a7b\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-36d4c21\" data-id=\"36d4c21\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-dacce69 elementor-widget elementor-widget-text-editor\" data-id=\"dacce69\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: 
justify;\">Sometimes filter-based defences can be bypassed by exploiting an Open Redirection vulnerability. Before looking at that, we need to understand what an Open Redirect vulnerability is.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-92c54ff elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"92c54ff\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c18fe01\" data-id=\"c18fe01\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c2530f2 elementor-widget elementor-widget-text-editor\" data-id=\"c2530f2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h4><strong>What is an Open Redirection vulnerability?<\/strong><\/h4><p style=\"text-align: justify;\">Open Redirection vulnerabilities arise when a web application uses user-controlled data directly to perform an unsafe redirect to a particular address. An attacker can construct a URL within the application that causes it to redirect to an arbitrary external domain of the attacker's choosing. This weakness can be leveraged to carry out phishing attacks against the application's users. 
In this kind of attack, the attacker can use the application's genuine URL and target the correct, legitimate domain, which also carries a valid SSL certificate (provided the target application uses SSL). This makes the phishing attack far more convincing, because most users, even if they check that the domain is legitimate and the SSL certificate is valid, will not notice that they have been redirected to a different domain.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-794f4cf elementor-section-boxed 
elementor-section-height-default elementor-section-height-default\" data-id=\"794f4cf\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1e674d4\" data-id=\"1e674d4\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a74fe18 elementor-widget elementor-widget-text-editor\" data-id=\"a74fe18\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h4><strong>Exploiting Open Redirection to bypass SSRF filters<\/strong><\/h4><p style=\"text-align: justify;\">In the previous SSRF example, suppose the user-submitted URL is strictly validated to prevent SSRF exploitation. 
However, the application whose URLs are allowed contains an Open Redirection vulnerability. Provided the API used to make the back-end HTTP requests supports redirects, you can construct a URL that passes the filter and results in a redirected request to the back-end target you want.<\/p><p style=\"text-align: justify;\">For example, suppose the application has an open redirection vulnerability in which the following URL:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section 
elementor-top-section elementor-element elementor-element-3825510 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"3825510\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-4b5469a\" data-id=\"4b5469a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9dbafbd elementor-widget elementor-widget-text-editor\" data-id=\"9dbafbd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"direction: ltr; text-align: left;\"><strong>\/product\/nextProduct?currentProductId=6&amp;path=http:\/\/evil-user.net<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-42aa9ef elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"42aa9ef\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-99b232e\" data-id=\"99b232e\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a92d2ce elementor-widget elementor-widget-text-editor\" data-id=\"a92d2ce\" data-element_type=\"widget\" data-e-type=\"widget\" 
data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>returns the following redirect:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-63cb76a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"63cb76a\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-da38c62\" data-id=\"da38c62\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-12f6af5 elementor-widget elementor-widget-text-editor\" data-id=\"12f6af5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"direction: ltr; text-align: left;\"><span style=\"color: #000000;\"><strong>http:\/\/evil-user.net<\/strong><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-3a9d556 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"3a9d556\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column 
elementor-element elementor-element-60d1e4c\" data-id=\"60d1e4c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fe144d4 elementor-widget elementor-widget-text-editor\" data-id=\"fe144d4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify;\">You can use the open redirection vulnerability to bypass the URL filter, and exploit the SSRF vulnerability as follows:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-23c0477 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"23c0477\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f1ae685\" data-id=\"f1ae685\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e20aac6 elementor-widget elementor-widget-text-editor\" data-id=\"e20aac6\" data-element_type=\"widget\" 
data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\"><strong>POST \/product\/stock HTTP\/1.0<\/strong><\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\"><strong>Content-Type: application\/x-www-form-urlencoded<\/strong><\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\"><strong>Content-Length: 118<\/strong><\/span><\/p><p style=\"direction: ltr; text-align: left;\"><span style=\"color: #ffffff;\"><strong>stockApi=http:\/\/weliketoshop.net\/product\/nextProduct?currentProductId=6&amp;path=http:\/\/192.168.0.68\/admin<\/strong><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-11da9b9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"11da9b9\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7f02c69\" data-id=\"7f02c69\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-7e68f02 elementor-widget elementor-widget-text-editor\" data-id=\"7e68f02\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify;\">This exploit works because the application first checks that the URL supplied in the stockApi parameter is on the list of allowed URLs, which it is. The application then sends a request to the supplied URL, which triggers the open redirection. The application follows the redirect and sends a request to the internal URL that the attacker specified.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-ae52275 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ae52275\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element 
elementor-element-b6c662c\" data-id=\"b6c662c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-29e6f46 elementor-widget elementor-widget-text-editor\" data-id=\"29e6f46\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h4 style=\"text-align: justify;\"><strong>Eliminating the Open Redirection vulnerability<\/strong><\/h4><p style=\"text-align: justify;\">Where possible, the application should avoid using user-controlled data to redirect to different targets. 
In many cases, this behaviour can be avoided in one of two ways:<\/p><ul style=\"text-align: justify;\"><li>Remove the redirect function from the application altogether, and replace links that lead into the application with direct links to the intended target URLs.<\/li><li>Keep a server-side list of all URLs to which redirection is allowed. 
Instead of passing the target URL to the redirector as a parameter, pass it an index into this list (that is, the position of the desired URL in the list).<\/li><\/ul><p style=\"text-align: justify;\">If you conclude that it is not possible to avoid using user-controlled data to determine the redirect target, you should minimise the risk of redirection attacks by applying one of the following methods:<\/p><ul><li style=\"text-align: justify;\">The application should use only relative URLs in all of its redirects, and the redirect function should strictly verify that the received URL really is a relative URL.<\/li><li style=\"text-align: justify;\">The application should use only URLs relative to the web root in all of its redirects, and the redirect function should verify that the received URL starts with a slash character (\"\/\") and prepend <a href=\"http:\/\/yourdomainname.com\">http:\/\/yourdomainname.com<\/a> to it before performing the redirect (replace yourdomainname.com with your own domain name). Note that a value starting with \"\/\/\" is a scheme-relative URL that points at another host, so the check must also reject a second leading slash.<\/li><li style=\"text-align: 
justify;\">If the application uses absolute URLs for all of its redirects, the redirect function should verify, before performing the redirect, that every user-supplied URL starts with <a href=\"http:\/\/yourdomainname.com\/\">http:\/\/yourdomainname.com\/<\/a> (replace yourdomainname.com with your own domain name).<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-ebdbaae elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ebdbaae\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-aa5fa33\" data-id=\"aa5fa33\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-139fba5 
elementor-widget elementor-widget-text-editor\" data-id=\"139fba5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 id=\"blind-ssrf\"><strong>\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc Blind SSRF<\/strong><\/h2>\n<p style=\"text-align: justify;\">\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc Blind SSRF \u06cc\u0627 SSRF \u06a9\u0648\u0631\u060c \u0632\u0645\u0627\u0646\u06cc \u0628\u0647 \u0648\u062c\u0648\u062f \u0645\u06cc\u200c\u0622\u06cc\u0646\u062f \u06a9\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u0645 \u06a9\u0627\u0631\u06cc \u06a9\u0646\u06cc\u0645 \u06a9\u0647 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u06cc\u06a9 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a HTTP \u0628\u06a9\u200c\u0627\u0646\u062f \u0628\u0647 \u06cc\u06a9 URL \u062f\u0627\u062f\u0647\u200c\u0634\u062f\u0647 \u0627\u0631\u0633\u0627\u0644 \u06a9\u0646\u062f\u060c \u0648\u0644\u06cc \u067e\u0627\u0633\u062e \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a \u0628\u06a9\u200c\u0627\u0646\u062f \u062f\u0631 \u067e\u0627\u0633\u062e \u0641\u0631\u0627\u0646\u062a\u200c\u0627\u0646\u062f \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0628\u0647 \u06a9\u0627\u0631\u0628\u0631 \u0628\u0631\u06af\u0631\u062f\u0627\u0646\u062f\u0647 \u0646\u0645\u06cc\u200c\u0634\u0648\u062f.<\/p>\n<p style=\"text-align: justify;\">\u0645\u0639\u0645\u0648\u0644\u0627 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc Blind SSRF \u0633\u062e\u062a\u200c\u062a\u0631 \u0627\u0633\u062a\u060c \u0648\u0644\u06cc \u0647\u0645\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627 \u0647\u0645 \u06af\u0627\u0647\u06cc \u0627\u0648\u0642\u0627\u062a \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a 
\u0645\u0646\u062c\u0631 \u0628\u0647 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0631\u0648\u06cc \u0633\u0631\u0648\u0631 \u06cc\u0627 \u062f\u06cc\u06af\u0631 \u062a\u0627\u0633\u06cc\u0633\u0627\u062a \u0628\u06a9\u200c\u0627\u0646\u062f \u0634\u0648\u062f.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1a108d4 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1a108d4\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-97eac93\" data-id=\"97eac93\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2c0d014 elementor-widget elementor-widget-text-editor\" data-id=\"2c0d014\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3 id=\"blind-ssrf-impact\"><strong>\u0645\u06cc\u0632\u0627\u0646 \u062a\u0627\u062b\u06cc\u0631\u06af\u0630\u0627\u0631\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc Blind SSRF \u0686\u0642\u062f\u0631 \u0627\u0633\u062a\u061f<\/strong><\/h3>\n<p style=\"text-align: justify;\">\u0645\u0639\u0645\u0648\u0644\u0627 \u062f\u0633\u062a \u0645\u0647\u0627\u062c\u0645 \u062f\u0631 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u200e\u0647\u0627\u06cc SSRF \u06a9\u0648\u0631 \u0628\u0647 \u0627\u0646\u062f\u0627\u0632\u0647 
\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc SSRF \u0645\u0639\u0645\u0648\u0644\u06cc \u0628\u0627\u0632 \u0646\u06cc\u0633\u062a\u061b \u0632\u06cc\u0631\u0627 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc \u06a9\u0648\u0631 \u0630\u0627\u062a\u0627\u064b \u06cc\u06a9\u200c\u0637\u0631\u0641\u0647 \u0647\u0633\u062a\u0646\u062f. \u0646\u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0628\u0647 \u0633\u0627\u062f\u06af\u06cc \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627 \u0631\u0627 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u06a9\u0631\u062f \u0648 \u062f\u0627\u062f\u0647\u200c\u0647\u0627\u06cc \u062d\u0633\u0627\u0633 \u0631\u0627 \u0645\u0633\u062a\u0642\u06cc\u0645\u0627\u064b \u0627\u0632 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u0628\u06a9\u200c\u0627\u0646\u062f \u0628\u0647 \u062f\u0633\u062a \u0622\u0648\u0631\u062f\u060c \u0627\u06af\u0631\u0686\u0647 \u062f\u0631 \u0628\u0639\u0636\u06cc \u0645\u0648\u0627\u0631\u062f \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0628\u0627 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u060c \u06cc\u06a9 \u062d\u0645\u0644\u0647 RCE (\u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631) \u06a9\u0627\u0645\u0644 \u0627\u0646\u062c\u0627\u0645 \u062f\u0627\u062f.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-148ded5 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"148ded5\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container 
elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-51cae0d\" data-id=\"51cae0d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-88e4959 elementor-widget elementor-widget-text-editor\" data-id=\"88e4959\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3 id=\"finding-&#038;-exploiting-blind-ssrf\"><strong>\u0646\u062d\u0648\u0647 \u06cc\u0627\u0641\u062a\u0646 \u0648 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc Blind SSRF<\/strong><\/h3>\n<p style=\"text-align: justify;\">\u0645\u0637\u0645\u0626\u0646\u200c\u062a\u0631\u06cc\u0646 \u0631\u0627\u0647 \u0628\u0631\u0627\u06cc \u06cc\u0627\u0641\u062a\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc SSRF \u06a9\u0648\u0631\u060c \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062a\u06a9\u0646\u06cc\u06a9\u200c\u0647\u0627\u06cc out-of-band \u06cc\u0627 OAST \u0627\u0633\u062a. 
In these techniques you cause the application to make an HTTP request to an external system that you control, and then monitor the interactions with that system.<\/p>\n<p style=\"text-align: justify;\">The easiest and most effective way to use out-of-band techniques is Burp Collaborator. 
Using the Burp Collaborator client, you can generate unique domain names, send them to the application inside your payloads, and then monitor any interactions with those domain names. 
If you observe that the expected HTTP request was received from the application, you know the application is vulnerable to SSRF.<\/p>\n<p style=\"text-align: justify;\"><strong>Note<\/strong>: quite often, while testing for an SSRF vulnerability, you will see a DNS lookup for the Collaborator-generated domain but no HTTP request to that domain afterwards. 
This usually happens when the application attempted to send an HTTP request to the domain, which first required a DNS lookup, but the HTTP request itself was blocked by a network-level filtering mechanism (such as a firewall). 
This is fairly common: because outbound DNS traffic is needed for many purposes, the infrastructure allows it, while HTTP connections to unexpected destinations are blocked.<\/p>\n<p style=\"text-align: justify;\">Merely identifying that a blind SSRF vulnerability can trigger out-of-band HTTP requests does not, by itself, provide a way to exploit it. 
Since you cannot see the response to the back-end request, you cannot use this behaviour to read content on systems that the application server can reach. However, the vulnerability can still be used to probe for other vulnerabilities on the server itself or on other back-end systems. 
You can blindly send payloads designed to detect common, well-known vulnerabilities to all internal IP addresses. If those payloads also use out-of-band techniques, you may be able to find a critical vulnerability on an unpatched internal server.<\/p>\n<p style=\"text-align: justify;\">Another way to exploit blind SSRF vulnerabilities is to make the application connect to a system under your 
control and return malicious responses to the HTTP client that made the connection. If you can find a serious client-side vulnerability in the server's HTTP service, you may be able to achieve RCE (remote code execution) inside the application's infrastructure.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-f7335e5 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f7335e5\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3bca268\" data-id=\"3bca268\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a40ca6d elementor-widget elementor-widget-text-editor\" data-id=\"a40ca6d\" 
data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 id=\"finding-attack-level-of-hidden-ssrf\"><strong>Finding the hidden attack surface of SSRF vulnerabilities<\/strong><\/h2>\n<p style=\"text-align: justify;\">Many SSRF vulnerabilities are relatively easy to find, because when the vulnerability is present the application's normal traffic contains parameters carrying full URLs. 
Other instances of SSRF are harder to find.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-3af7554 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"3af7554\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f4748ed\" data-id=\"f4748ed\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-57dc7d3 elementor-widget elementor-widget-text-editor\" data-id=\"57dc7d3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3><strong>Partial URLs in requests<\/strong><\/h3><p style=\"text-align: justify;\">Sometimes an application places only a hostname or part of a URL path into request parameters. 
The submitted value is then used on the server side and incorporated into the full URL that is requested. If the value is readily recognised as a hostname or URL path, the potential attack surface is obvious. In such cases, however, the behaviour cannot be exploited like a full-blown SSRF vulnerability, because the attacker does not control the entire requested URL.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5507d7e elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"5507d7e\" data-element_type=\"section\" 
data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-4c314c9\" data-id=\"4c314c9\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4de012a elementor-widget elementor-widget-text-editor\" data-id=\"4de012a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3><strong>URLs embedded in different data formats<\/strong><\/h3><p style=\"text-align: justify;\">Applications transmit data in a variety of formats. Some of these formats allow URLs to be embedded within the data, and the parser for that particular format then issues requests to those URLs. 
A well-known example is the XML format, which web applications widely use to transmit structured data from the client to the server. When an application accepts data in XML format and parses it, it may be vulnerable to XXE injection, and consequently it may also be vulnerable to SSRF via XXE. 
For more on XXE vulnerabilities, see the article on XXE injection attacks.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-8c880d1 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"8c880d1\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-40bba10\" data-id=\"40bba10\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-36e5f7f elementor-widget elementor-widget-text-editor\" data-id=\"36e5f7f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3><strong>SSRF via the Referer header<\/strong><\/h3><p style=\"text-align: justify;\">Some applications use server-side analytics software to track 
their visitors. Such software usually logs the Referer header of incoming requests, since the header is useful for tracking inbound links. This is often done in order to examine the content of the sites from which users were referred to the application, including the anchor text (the text displayed in place of the link). 
For this reason, the Referer header is often a potential attack surface for SSRF vulnerabilities.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-ced34d6 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ced34d6\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3c2f44f\" data-id=\"3c2f44f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1a9ddfd elementor-button-info elementor-align-center elementor-widget elementor-widget-button\" data-id=\"1a9ddfd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-xl\" href=\"http:\/\/dl.liangroup.net\/PDF\/security\/Fa\/SSRF.pdf\" target=\"_blank\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Download the 
SSRF article<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>In this article we explain what an SSRF attack (short for Server-Side Request Forgery) is, walk through a few simple examples of it, and explain how you can identify and exploit the various kinds of SSRF vulnerabilities. 
What is SSRF? What are the consequences of SSRF attacks? Common types of SSRF attacks SSRF attacks against the server itself Attacks &hellip;<\/p>\n","protected":false},
"author":1,"featured_media":12695,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[275,293,349],"tags":[],"class_list":["post-4322","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-penetration-test-article","category-293","category-slides"],
"yoast_head_json":{"description":"What is the SSRF vulnerability? This kind of attack lets a hacker send forged requests from the server side, which has many uses that we describe here.","og_locale":"fa_IR","og_type":"article","og_site_name":"Lian Group Blog","og_image":[{"width":1200,"height":630,"url":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2020\/06\/server-side-request-forgery-vulnerability-ssrf.jpg","type":"image\/jpeg"}],"author":"Admin","twitter_site":"@liansecurity"}}