23Ara
SSRF trough Gopher
Gopher protocol is used a lot when exploiting SSRF, but how?
a Gopher URL takes the form:
gopher://<host>:<port>/<gopher-path>
but let's take this example:
gopher://10.10.10.3:80/_POST%20/login%20HTTP/1.1%0aContent-Type:%20application/x-www-form-urlencoded%0aContent-Length:%2041%0a%0ausername%3dtest%26password%3passw0rd12
why is there a HTTP request as a "path"
