Baadhi ya kazi kama vile file_get_contents(), fopen(), file(), md5_file() hukubali URL kama data ya kuingiza ambayo itafuata kufanya **mabaya ya udhaifu wa SSRF ikiwa mtumiaji anaweza kudhibiti data:
Zaidi, katika baadhi ya kesi inaweza hata kuwa inawezekana kutuma vichwa vya habari vya kupendelea kupitia CRLF "udhaifu" katika kazi za awali:
# The following will create a header called from with value Hi and# an extra header "Injected: I HAVE IT"ini_set("from","Hi\r\nInjected: I HAVE IT");file_get_contents("http://127.0.0.1:8081");GET / HTTP/1.1From: HiInjected: I HAVE ITHost: 127.0.0.1:8081Connection: close# Any of the previously mentioned functions will send those headers
Tafadhali elewa kwamba hizi kazi zinaweza kuwa na njia nyingine za kuweka vichwa vya habari vya uongo katika maombi, kama vile:
$url ="";$options =array('http'=>array('method'=>"GET",'header'=>"Accept-language: en\r\n"."Cookie: foo=bar\r\n".// check function.stream-context-create on php.net"User-Agent: Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B334b Safari/531.21.102011-10-16 20:23:10\r\n" // i.e. An iPad
));$context =stream_context_create($options);$file =file_get_contents($url,false, $context);
