# SSRF 漏洞平台

{{#include ../../banners/hacktricks-training.md}}

检查 **[https://blog.assetnote.io/2021/01/13/blind-ssrf-chains/](https://blog.assetnote.io/2021/01/13/blind-ssrf-chains/)**

- SugarCRM ≤ 14.0.0 – LESS `@import` 注入在 `/rest/v10/css/preview` 中启用未经身份验证的 SSRF 和本地文件读取。

{{#ref}}
../less-code-injection-ssrf.md
{{#endref}}

{{#include ../../banners/hacktricks-training.md}}