Exfiltrating AWS Credentials via PDF Rendering of Unsanitized Input
draw.io CVEs
Exploits Explained: Using APIs to Execute a Server-Side Request Forgery
SSRF That Allowed Us to Access Whole Infra Web Services and Many More
Host Header Injection to Complete Organization takeover
Blind XSS To SSRF
Bypassing E2E encryption leads to multiple high vulnerabilities.
How Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four Different Azure Services
Client-Side SSRF to Google Cloud Project Takeover [Google VRP]
“2022: A Year of Fascinating Discoveries”
Lexmark MC3224adwe RCE exploit
The SSRF that Brought down a Server
CVE-2022-25026 & CVE-2022-25027: Vulnerabilities in Rocket TRUfusion Enterprise
The OWASSRF + TabShell exploit chain
Bypassing SSRF Protections
Cisco BroadWorks CommPilot Application Software Unauthenticated Server-Side Request Forgery (CVE-2022-20951)
The most underrated injection of all time — CYPHER INJECTION. How I found and exploited it ?
Multiple Vulnerabilities in Proxmox VE & Proxmox Mail Gateway
SSRF via DNS Rebinding (CVE-2022–4096)
Checkmk: Remote Code Execution by Chaining Multiple Bugs (1/3)
Story of a $1k bounty — SSRF to leaking access token and other sensitive information
Vulnerabilities In Apache Batik Default Security Controls – SSRF And RCE Through Remote Class Loading
Exploiting Static Site Generators: When Static Is Not Actually Static
AWS SSRF to Root on production instance — A bug worth 1.75Lacs
SSRF Bug Leads To AWS Metadata Exposure