Directory Traversal, SQL Injection and Server-Side Request Forgery
NTLM Credential Theft in Python Windows Applications
Vulnerabilities in Homepage Dashboard
SSRFing the Web with the help of Copilot Studio
CVE-2024-38428 Wget Vulnerability: All you need to know
Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!
Listen to the whispers: web timing attacks that actually work
Canary Token OSS Security Audit Report (Q2 2024)
Unauthenticated SSRF on Havoc C2 teamserver via spoofed demon agent
Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve) (CVSS 9.9, CVSS 9.8) Walkthrough
The PDF Trojan Horse: Leveraging HTML Injection for SSRF and Internal Resource Access
A story of a nice SSRF vulnerability.
These Services Shall Not Pass: Abusing Service Tags to Bypass Azure Firewall Rules (Customer Action Required)
Digging for SSRF in NextJS apps
Micro Services, Major Headaches: Detecting Vulnerabilities in Erxes' Microservices
The story of exposed service, SSRF, CSP bypass and credentials stealing via XSS
Judge0 Sandbox Escape
Tableau Server - There Ain't No Vulns
SSRF on a Headless Browser Becomes Critical!
Auth Bypass Round Two
Weird bug to steal users credentials
Hunting for SSRF Bugs in PDF Generators
How I Discovered SSRF on Hackerone Program
How I Automatically Discovered SSRF in Hackerone Program
Securing our home labs: Frigate code review