Pwn2Own 2021 Microsoft Exchange Exploit Chain
Hacking a NFT Platform
Finding vulnerabilities in curl 7.83.0 without reading a single-line of C code
From blind SSRF to localhost dirbusting and asset enumeration
Chaining vulnerabilities to criticality in Progress WhatsUp Gold
Another vision for SSRF
From open redirect to RCE in one week
DNN CMS Server-Side Request Forgery (CVE-2021-40186)
Stealing Google Drive OAuth tokens from Dropbox
Exploitation of an SSRF vulnerability against EC2 IMDSv2
Encrypting our way to SSRF in VMWare Workspace One UEM (CVE-2021-22054)
Adventures Into The MeowCorp Bug Bounty Program
Security issues with cloudflare/odoh-server-go and the ODoH RFC draft
SVG SSRFs and saga of bypasses
SSRF and Account Takeover via XSS in ERPNext (0-day)
Cloud SSRF Exploitation
Exploiting a double-edged SSRF for server and client-side impact
Critical SSRF on Evernote
Circumventing Browser Security Mechanisms For SSRF
SSRF & LFI In Uploads Feature
Catching bugs in VMware: Carbon Black Cloud Workload Appliance and vRealize Operations Manager
CVE-2022-21703: cross-origin request forgery against Grafana
Oracle Server Side Request Forgery (SSRF) Metadata
Hacking Google Drive Integrations
Multiple HTTP Redirects to Bypass SSRF Protections