Server-side request forgery (SSRF)

Try basic localhost payloads

Common injection parameters

"access=", 
"admin=", 
"dbg=", 
"debug=", 
"edit=", 
"grant=", 
"test=", 
"alter=", 
"clone=", 
"create=", 
"delete=", 
"disable=", 
"enable=", 
"exec=", 
"execute=", 
"load=", 
"make=", 
"modify=", 
"rename=", 
"reset=", 
"shell=", 
"toggle=", 
"adm=", 
"root=", 
"cfg=",
"dest=", 
"redirect=", 
"uri=", 
"path=", 
"continue=", 
"url=", 
"window=", 
"next=", 
"data=", 
"reference=", 
"site=", 
"html=", 
"val=", 
"validate=", 
"domain=", 
"callback=", 
"return=", 
"page=", 
"feed=", 
"host=", 
"port=", 
"to=", 
"out=",
"view=", 
"dir=", 
"show=", 
"navigation=", 
"open=",
"file=",
"document=",
"folder=",
"pg=",
"php_path=",
"style=",
"doc=",
"img=",
"filename="

PreviousCross-origin resource sharing (CORS)NextBypassing filters

Last updated 2 years ago