3xx code and the desired URL in the
Location header to the request from the vulnerable server, for example:
nc -lvp 80 < response.txt
drive://filepath and set the protocol to
Resolv::getaddresses is OS-dependent; therefore, by playing around with different IP formats, one can make it return blank values.
make-1-1-1-1-rebind-127-0-0-1-rr.1u.ms will return the address
184.108.40.206 on the first request, and the second -
Client-IP headers. Such application functionality can lead to a blind SSRF vulnerability if the header values are not properly validated.
Referer header, which is used by server-side analytics software to track visitors. Such software often logs the
Referer header from requests, since this allows it to track incoming links.
Referer header. This is typically done to analyze the contents of referring sites, including the anchor text that is used in the incoming links. As a result, the
Referer header often represents a fruitful attack surface for SSRF vulnerabilities.
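On the defensive side, a server that fetches URLs taken from request headers such as Referer can validate the target once and pin the resolved address, so that neither a blank resolver result nor a rebinding DNS answer gets past the check. The sketch below is an added example, not code from the original page; `pin_fetch_target`, `resolve_all` and the `resolver` parameter are hypothetical names.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # rejects file://, drive:// and similar


def resolve_all(host):
    """Default resolver: every A/AAAA address the OS returns for host."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def pin_fetch_target(url, resolver=resolve_all):
    """Validate a header-supplied URL and return (host, port, pinned_ip).

    The caller connects to pinned_ip (sending host as Host/SNI) and never
    resolves the name a second time, so a rebinding DNS answer cannot swap
    the address between the check and the request. Redirects (3xx with a
    Location header) must not be followed automatically: pass each new
    Location through this function again.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        raise ValueError("scheme or host not allowed")
    port = parts.port or (443 if parts.scheme == "https" else 80)

    addrs = list(resolver(parts.hostname))
    if not addrs:
        # Fail closed: an empty resolver result is a rejection, never a pass.
        raise ValueError("host did not resolve")

    for addr in addrs:
        # Every returned address must be publicly routable; one loopback,
        # private or link-local answer in the set rejects the whole URL.
        if not ipaddress.ip_address(addr).is_global:
            raise ValueError(f"non-public address {addr}")

    return parts.hostname, port, addrs[0]
```
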