Drvirus1911

Server Side Request Forgery Writeups

May 16th, 2020
  1. http://10degres.net/aws-takeover-ssrf-javascript/
  2. http://blog.haao.sh/notes/downnotifer-ssrf/
  3. http://www.kernelpicnic.net/2017/05/29/Pivoting-from-blind-SSRF-to-RCE-with-Hashicorp-Consul.html
  4. https://buer.haus/2016/04/18/esea-server-side-request-forgery-and-querying-aws-meta-data/
  5. https://buer.haus/2017/03/09/airbnb-chaining-third-party-open-redirect-into-server-side-request-forgery-ssrf-via-liveperson-chat/
  6. https://buer.haus/2017/06/29/escalating-xss-in-phantomjs-image-rendering-to-ssrflocal-file-read/
  7. https://dos.sh/blog/2017/6/21/yahoo-small-business-luminate-and-the-not-so-secret-keys
  8. https://evanricafort.blogspot.com/2019/08/ssrf-vulnerability-in.html
  9. https://geleta.eu/2019/my-first-ssrf-using-dns-rebinfing/
  10. https://hk.saowen.com/a/a8d21c0bdf39e733395aefc0e331998e3d618558f90cf06135aa4df411804e59
  11. https://jinone.github.io/bugbounty-a-simple-ssrf/
  12. https://medium.com/@0ktavandi/blind-ssrf-in-stripe-com-due-to-sentry-misconfiguration-60ebb6a40b5
  13. https://medium.com/@D0rkerDevil/how-i-convert-ssrf-to-xss-in-a-ssrf-vulnerable-jira-e9f37ad5b158
  14. https://medium.com/@GeneralEG/escalating-ssrf-to-rce-f28c482eb8b9
  15. https://medium.com/@Skylinearafat/how-outdated-jira-instances-suffers-from-multiple-security-vulnerabilities-6a88c45e9ec6
  16. https://medium.com/@adeshkolte/how-i-found-xss-via-ssrf-vulnerability-adesh-kolte-873b30a6b89f
  17. https://medium.com/@androgaming1912/gain-adfly-smtp-access-with-ssrf-via-gopher-protocol-26a26d0ec2cb
  18. https://medium.com/@armaanpathan/pdfreacter-ssrf-to-root-level-local-file-read-which-led-to-rce-eb460ffb3129
  19. https://medium.com/@d0nut/piercing-the-veal-short-stories-to-read-with-friends-4aa86d606fc5
  20. https://medium.com/@dPhoeniixx/vimeo-upload-function-ssrf-7466d8630437
  21. https://medium.com/@elberandre/1-000-ssrf-in-slack-7737935d3884
  22. https://medium.com/@elberandre/ssrf-trick-ssrf-xspa-in-microsofts-bing-webmaster-central-8015b5d487fb
  23. https://medium.com/@know.0nix/hunting-good-bugs-with-only-html-d8fd40d17b38
  24. https://medium.com/@kurtikleiton/blind-ssrf-on-coda-io-c7063f304455
  25. https://medium.com/@logicbomb_1/chain-of-hacks-leading-to-database-compromise-b2bc2b883915
  26. https://medium.com/@logicbomb_1/the-journey-of-web-cache-firewall-bypass-to-ssrf-to-aws-credentials-compromise-b250fb40af82
  27. https://medium.com/@logicbomb_1/the-unusual-case-of-open-redirection-to-aws-security-credentials-compromise-59acc312f02b
  28. https://medium.com/@maxon3/pcextreme-nl-fake-bug-bounty-1a8bf01d518f
  29. https://medium.com/@michan001/ssrf-on-pdf-generator-36b81e16d67b
  30. https://medium.com/@neerajedwards/reading-internal-files-using-ssrf-vulnerability-703c5706eefb
  31. https://medium.com/@ozguralp/using-vulnerability-analytics-feature-like-a-boss-655fc1f1543b
  32. https://medium.com/@pflash0x0punk/ssrf-via-ffmpeg-hls-processing-a04e0288a8c5
  33. https://medium.com/@pratiky054/ssrf-to-read-local-files-and-abusing-the-aws-metadata-8621a4bf382
  34. https://medium.com/@putracraft.theworld/server-side-request-forgery-in-openid-support-defcc64d5e41
  35. https://medium.com/@rooterkaustubh/the-story-of-blind-ssrf-leads-to-internal-host-discovery-ee65b9b91e23
  36. https://medium.com/@rootxharsh_90844/vimeo-ssrf-with-code-execution-potential-68c774ba7c1e
  37. https://medium.com/@sivakrishnasamireddi/just-another-tale-of-severe-bugs-on-a-private-program-405870b03532
  38. https://medium.com/@th3g3nt3l/how-i-found-an-ssrf-in-yahoo-guesthouse-recon-wins-8722672e41d4
  39. https://medium.com/@tungpun/from-ssrf-to-local-file-disclosure-58962cdc589f
  40. https://medium.com/@w_hat_boy/server-side-request-forgery-ssrf-port-issue-hidden-approch-f4e67bd8cc86
  41. https://medium.com/@zain.sabahat/exploiting-ssrf-like-a-boss-c090dc63d326
  42. https://medium.com/a-bugz-life/exploiting-an-ssrf-trials-and-tribulations-14c5d8dbd69a
  43. https://medium.com/a-bugz-life/the-bugs-are-out-there-hiding-in-plain-sight-12d056613ea3
  44. https://medium.com/bugbountywriteup/bug-bounty-fastmail-feeda67905f5
  45. https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-c358fd5e249a
  46. https://mike-n1.github.io/SSRF_P4toP2
  47. https://ngailong.wordpress.com/2019/04/07/old-but-gold-dot-dot-slash-to-get-the-flag-uber-microservice/amp/
  48. https://ngailong.wordpress.com/2019/12/19/google-vrp-ssrf-in-google-cloud-platform-stackdriver/
  49. https://opnsec.com/2018/07/into-the-borg-ssrf-inside-google-production-network/
  50. https://philippeharewood.com/cve-2018-16794-on-fs-thefacebook-com/
  51. https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html
  52. https://www.ansariosama.com/2017/09/exploiting-single-request-for-multiple.html
  53. https://www.coengoedegebure.com/how-i-got-access-to-local-aws-info-via-jira/
  54. https://www.mohamedharon.com/2019/02/ssrf-server-side-request-forgery-in.html#.XGWpfioiVM4.twitter
  55. https://www.openbugbounty.org/blog/leonmugen/ssrf-reading-local-files-from-downnotifier-server/
  56. https://www.rcesecurity.com/2017/03/ok-google-give-me-all-your-internal-dns-information/
  57. https://www.rtcsec.com/2020/04/01-slack-webrtc-turn-compromise/
  58. https://www.shawarkhan.com/2018/05/getting-read-access-on-edmodo.html
  59. https://ysx.me.uk/a-pair-of-plotly-bugs-stored-xss-and-aws-metadata-ssrf/