9 writeups tagged with SSRF
Bug bounty masterclass covering exposed databases, SSRF, subdomain takeover, blind XSS, GitHub secret leaks, Spring Boot heapdump, and session confusion ATO.
ImageMagick policy bypass enables SSRF and local file read to steal credentials. Sudo misconfiguration grants root access.
Grafana SSRF pivots to an internal Grafana instance. Credential reuse for SSH, then environment variable injection via root cron.
TeamCity authentication bypass combined with Bookstack SSRF to read internal files and chain into remote code execution.
WordPress BuddyForms plugin SSRF for local file read. Grafana SQLite injection for credentials. Telescope log viewer arbitrary file read for root key.
Metabase pre-auth RCE CVE-2023-38646 via setup token SSRF for shell. Ubuntu OverlayFS CVE-2023-2640 local privilege escalation for root.
SSRF on a voting system bypasses firewall to reach internal file analysis service. PHP file upload for RCE, AlwaysInstallElevated for SYSTEM.
Markdown XSS for stored cross-site scripting. SSRF via file:// to leak local web app source code, exposed internal site with writable path for root.
SSRF in a request-baskets service (CVE-2023-27163) chained to Maltrail 0.53 unauthenticated OS command injection for initial access, sudo privesc.