GET
or POST
requests. Less well-known locations for SSRF include:localhost
is used in the URL to access data and services which are only accessible via the local network.GET
request with a vulnerable open redirect:POST
request with a similarly unsanitized URL parameter:curl http://169.254.169.254/whatever
to get the same data.