Server-Side
Test for server-side vulnerabilities that allow unauthorized access, RCE, or data exfiltration.
Techniques
| Type | Key Vectors |
|---|---|
| SSRF | Internal service access, cloud metadata, protocol smuggling |
| HTTP Smuggling | CL.TE, TE.CL, TE.TE, CL.0, H2.CL, h2c, multi-layer proxy chains, connection pooling desync |
| Path Traversal | Directory traversal, null bytes, encoding bypass |
| File Upload | Extension bypass, content-type manipulation, polyglot files |
| Deserialization | Java, PHP, Python, .NET gadget chains |
| Host Header | Password reset poisoning, cache poisoning, routing-based SSRF |
| CUPS / cups-browsed | CVE-2024-47076/47175/47176/47177 — UDP browse → IPP injection → PPD injection → foomatic-rip RCE ( |
Workflow
- Identify server-side processing points
- Test for vulnerability class indicators
- Bypass protections (WAF, allowlists, encoding filters)
- Demonstrate impact (file read, RCE, internal access)
- Capture evidence with PoC
Reference
- reference/ssrf*.md - SSRF techniques and labs
- reference/http-request-smuggling*.md - Smuggling techniques
- reference/path-traversal*.md - Path traversal bypass methods
- reference/file-upload*.md - File upload exploitation
- reference/insecure-deserialization*.md - Deserialization attacks
- reference/http-host-header*.md - Host header injection
- reference/cups-browsed-exploit.md - CUPS RCE chain (CVE-2024-47076/175/176/177); ipptool false positives vs libcups runtime parser; ippserver Python lib version-1.1 hardcode bug