References
- Portswigger: SSRF
- [2022] Miracle - One Vulnerability To Rule Them All
- [2022] Pwn2Own 2021 Microsoft Exchange Exploit Chain
- [2022] Hacking a NFT Platform
- [2022] Finding vulnerabilities in curl 7.83.0 without reading a single-line of C code
- [2022] From blind SSRF to localhost dirbusting and asset enumeration
- [2022] Chaining vulnerabilities to criticality in Progress WhatsUp Gold
- [2022] Another vision for SSRF
- [2022] From open redirect to RCE in one week
- [2022] Stealing Google Drive OAuth tokens from Dropbox
- [2022] A Fun SSRF through a Headless Browser
- [2022] Adventures Into The MeowCorp Bug Bounty Program
- [2022] SVG SSRFs and saga of bypasses
- [2022] SSRF and Account Takeover via XSS in ERPNext (0-day)
- [2022] Exploitation of an SSRF vulnerability against EC2 IMDSv2
- [2022] Exploiting a double-edged SSRF for server and client-side impact
- [2022] Critical SSRF on Evernote
- [2022] Circumventing Browser Security Mechanisms For SSRF
- [2022] SSRF to a Full Account Takeover (ATO)
- [2022] SSRF & LFI In Uploads Feature
- [2022] CVE-2022-21703: cross-origin request forgery against Grafana
- [2022] Hacking Google Drive Integrations
- [2022] Multiple HTTP Redirects to Bypass SSRF Protections
- [2022] Bypassing SSRF Protection to Exfiltrate AWS Metadata from LarkSuite
- [2022] 120 Days of High Frequency Hunting
- [2022] Stealing administrative JWT’s through post auth SSRF (CVE-2021-22056)
- [2022] Exploiting Redash instances with CVE-2021-41192
- [2022] Security issues with cloudflare/odoh-server-go and the ODoH RFC draft
- [2022] Finding a Kernel 0-day in VMware vCenter Converter via Static Reverse Engineering
- [2022] Catching bugs in VMware: Carbon Black Cloud Workload Appliance and vRealize Operations Manager
- [2022] Encrypting our way to SSRF in VMWare Workspace One UEM (CVE-2021-22054)
- [2017] Cracking the lens: targeting HTTP’s hidden attack-surface