A somewhat curated list of links to various topics in application security.
| Link | Excerpt | Word Count |
|---|---|---|
| SSRF bible. Cheatsheet | 0 | |
| CWE-918 | Content History Submissions Submission Date Submitter Organization 2013-02-17 (CWE 2. | 105 |
| What is server-side request forgery (SSRF)? | Server-side request forgery (SSRF) is the only type of vulnerability that has its own category in the OWASP Top 10 2021 list. Several major cybersecurity breaches in recent years, including Capital One and MS Exchange attacks, involved the use of SSRF as one of the break-in techniques. | 973 |
| https://www.agarri.fr/docs/AppSecEU15-Server_side_browsing_considered_harmful.pdf | 0 | |
| bcoles/ssrf_proxy | SSRF Proxy is a multi-threaded HTTP proxy server designed to tunnel client HTTP traffic through HTTP servers vulnerable to Server-Side Request Forgery (SSRF). Once configured, SSRF Proxy attempts to format client HTTP requests appropriately for the vulnerable server. | 708 |
| taviso/rbndr | rbndr is a very simple, non-conforming, name server for testing software against DNS rebinding vulnerabilities. The server responds to queries by randomly selecting one of the addresses specified in the hostname and returning it as the answer with a very low ttl. | 544 |
| qazbnm456/awesome-web-security | Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' security skills, etc. | 4634 |
| cujanovic/SSRF-Testing | Status codes: 300, 301, 302, 303, 305, 307, 308 | 782 |
| https://medium.com/@neerajedwards/reading-internal-files-using-ssrf-vulnerability-703c5706eefb | 0 | |
| How i found an SSRF in Yahoo! Guesthouse (Recon Wins) | As i said before sharing is caring, here i am describing one of my findings that was closed 2 weeks ago in yahoo Guesthouse https://gh.bouncer.login.yahoo.com/ and i am describing in details, how recon helped me finding a vulnerable endpoint where i achieved the SSRF. | 1311 |
| PHP SSRF Techniques | In this article, I want to go deep on a few SSRF techniques that you can use against a PHP script that use filters like filter_var() or preg_match() and get HTTP contents using curl or file or file_get_contents(). | 1535 |
| How i converted SSRF TO XSS in jira. | Before i start Acunetix does Subdomain scans so just set the time out to 20 and you will get a really big list with banners and response headers. (it does the half of the work for you.) Now, i been through lots of subdomains and i was specifically looking for any jira environment , and i found one. | 320 |
| Server Side Request Forgery (SSRF) Testing | Well this story is just for fun testing SSRF not a bounty write up. I found a random web that vulnerable to SSRF but in order to exploit it i should convert my input to base64. Here is the site . If i decode the base64 then i got this pacman game site http://www.top80sgames.com/site/content/pacman. | 208 |
| Server Side Request Forgery (SSRF) Testing | Well this story is just for fun testing SSRF not a bounty write up. I found a random web that vulnerable to SSRF but in order to exploit it i should convert my input to base64. Here is the site . If i decode the base64 then i got this pacman game site http://www.top80sgames.com/site/content/pacman. | 208 |
| Into the Borg – SSRF inside Google production network | In March 2018, I reported an XSS in Google Caja, a tool to securely embed arbitrary html/javascript in a webpage. In May 2018, after the XSS was fixed, I realised that Google Sites was using an unpatched version of Google Caja, so I looked if it was vulnerable to the XSS. | 1518 |
| Security Bugs in Practice: SSRF via Request Splitting | One of the most interesting (and sometimes scary!) parts of my job at Mozilla is dealing with security bugs. | 2522 |
| AWS takeover through SSRF in JavaScript | Here is the story of a bug I found in a private bug bounty program on Hackerone. It took me exactly 12h30 -no break- to find it, exploit and report. | 1764 |
| swisskyrepo/SSRFmap | SSRF are often used to leverage actions on other services, this framework aims to find and exploit these services easily. SSRFmap takes a Burp request file as input and a parameter to fuzz. | 1201 |
| 0xdf hacks stuff | Runner is all about exploiting a TeamCity server. I’ll start with an authentication bypass vulnerability that allows me to generate an API token. | 65535 |
| https://medium.com/@madrobot/ssrf-server-side-request-forgery-types-and-ways-to-exploit-it-part-1-29d034c27978 | 0 | |
| SSRF’s up! Real World Server-Side Request Forgery (SSRF) | In this blog post we’re going to explain what an SSRF attack is, how to test for it, and some basic guidelines on how to fix it. We will be using a real-world example, exploiting a vulnerability we discovered in a commercial Business Intelligence product called Dundas BI. | 1806 |
| https://medium.com/@madrobot/ssrf-server-side-request-forgery-types-and-ways-to-exploit-it-part-2-a085ec4332c0 | 0 | |
| https://medium.com/@arbazhussain/svg-xlink-ssrf-fingerprinting-libraries-version-450ebecc2f3c | 0 | |
| https://medium.com/@rootxharsh_90844/vimeo-ssrf-with-code-execution-potential-68c774ba7c1e | 0 | |
| https://medium.com/@armaanpathan/pdfreacter-ssrf-to-root-level-local-file-read-which-led-to-rce-eb460ffb3129 | 0 | |
| https://link.medium.com/oH6MAOMc2V | 0 | |
| https://medium.com/@logicbomb_1/the-journey-of-web-cache-firewall-bypass-to-ssrf-to-aws-credentials-compromise-b250fb40af82 | 0 | |
| https://link.medium.com/HOGdT5ocfW | 0 | |
| https://link.medium.com/JzxK9eodaX | 0 | |
| https://medium.com/@vickieli/bypassing-ssrf-protection-e111ae70727b | 0 | |
| Server Side Request Forgery (SSRF) | 0 | |
| Server Side Request Forgery Prevention | The objective of the cheat sheet is to provide advices regarding the protection against Server Side Request Forgery (SSRF) attack. This cheat sheet will focus on the defensive point of view and will not explain how to perform this attack. | 3197 |
| allanlw/svg-cheatsheet | Hosts that process SVG can potentially be vulnerable to SSRF, LFI, XSS, RCE because of the rich feature set of SVG. All of these methods specify a URI, which can be absolute or relative. | 1419 |
| https://link.medium.com/oa2D2LupcZ | 0 | |
| SSRF in the Wild | This is an analysis of publicly disclosed SSRF vulnerabilities. I will go into where these vulnerabilities were found, the criticality of these bugs, and the fixes implemented by the vendor after the report. | 1479 |
| SSRF in the Wild | This is an analysis of publicly disclosed SSRF vulnerabilities. I will go into where these vulnerabilities were found, the criticality of these bugs, and the fixes implemented by the vendor after the report. | 1479 |
| SpiderMate/B-XSSRF | Upload the files to your server. Create a Database and upload database.sql file to it. Change the DB Credentials in db.php file. Ready. BLIND XSS <embed src="http://mysite.com/bxssrf/request.php"> <script src="http://mysite.com/bxssrf/request.php"> BLIND XXE <?xml version="1. | 76 |
| https://link.medium.com/eYV17swFvZ | 0 | |
| SSRF in the Wild | This is an analysis of publicly disclosed SSRF vulnerabilities. I will go into where these vulnerabilities were found, the criticality of these bugs, and the fixes implemented by the vendor after the report. | 1479 |
| jdonsec/AllThingsSSRF | This is currently work in progress I will add more resources as I find them. Detectfy - What is server side request forgery (SSRF)? | 1095 |
| B-XSSRF - Toolkit To Detect And Keep Track On Blind XSS, XXE And SSRF | Toolkit to detect and keep track on Blind XSS, XXE & SSRF. | 90 |
| incredibleindishell/SSRF_Vulnerable_Lab | This repository contain PHP codes which are vulnerable to Server-Side Request Forgery (SSRF) attack. In programming languages, there are functions which can fetch the contents of locally saved file. These functions may be capable of fetching the content from remote URLs as well local files (e. | 863 |
| teknogeek/ssrf-sheriff | This is an SSRF testing sheriff written in Go. It was originally created for the Uber H1-4420 2019 London Live Hacking Event, but it is now being open-sourced for other organizations to implement and contribute back to. Released under the MIT License. | 214 |
| https://link.medium.com/VoengTvAi1 | 0 | |
| [bugbounty] A Simple SSRF | 0 | |
| SSRF payloads | The service nip.io is awesome for that, it will convert any ip address as a dns. Allows an attacker to fetch any content from the web, it can also be used to scan ports. | 1537 |
| PayloadsAllTheThings/Server Side Request Forgery at master · swisskyrepo/PayloadsAllTheThings | A list of useful payloads and bypass for Web Application Security and Pentest/CTF - PayloadsAllTheThings/Server Side Request Forgery at master · swisskyrepo/PayloadsAllTheThings | 0 |
| Server Side Request Forgery (SSRF) and AWS EC2 instances after Instance Meta Data Service version… | Having blogged about exploiting SSRF on AWS EC2 instances in the past, we wanted to give you an update on where things stand now. Server Side Request Forgery can be an extremely lucrative finding to an attacker because of the ability to make requests from the target machine. | 1095 |
| Server Side Request Forgery (SSRF) and AWS EC2 instances after Instance Meta Data Service version… | Having blogged about exploiting SSRF on AWS EC2 instances in the past, we wanted to give you an update on where things stand now. Server Side Request Forgery can be an extremely lucrative finding to an attacker because of the ability to make requests from the target machine. | 1095 |
| SSRF (Server Side Request Forgery) | Use Trickest to easily build and automate workflows powered by the world's most advanced community tools. Get Access Today: A Server-side Request Forgery (SSRF) vulnerability occurs when an attacker manipulates a server-side application into making HTTP requests to a domain of their choice. | 1076 |
| https://medium.com/a-bugz-life/exploiting-an-ssrf-trials-and-tribulations-14c5d8dbd69a | 0 | |
| https://link.medium.com/j3rkNajmr5 | 0 | |
| Server Side Request Forgery | Kontra | 0 | |
| https://cheatsheetseries.owasp.org/assets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet_SSRF_Bible.pdf | 0 | |
| https://medium.com/bugbountywriteup/story-of-a-2-5k-bounty-ssrf-on-zimbra-led-to-dump-all-credentials-in-clear-text-6fe826005ccc | 0 | |
| https://medium.com/bugbountywriteup/vimeo-ssrf-with-code-execution-potential-68c774ba7c1e | 0 | |
| https://medium.com/bugbountywriteup/my-first-bug-blind-ssrf-through-profile-picture-upload-72f00fd27bc6 | 0 | |
| https://medium.com/bugbountywriteup/server-side-request-forgery-ssrf-f62235a2c151 | 0 | |
| Oh snap! We don't support this version of your browser, and neither should you! | You are visiting this page because we detected an unsupported browser. Your browser does not support security features that we require. We highly recommend that you update your browser. If you believe you have arrived here in error, please contact us. Be sure to include your browser version. | 48 |
| https://link.medium.com/3LqSxFV4j9 | 0 | |
| imran-parray/Mind-Maps | This repository stores and houses various Mindmaps for bug bounty Hunters🧑🦰, pentesters🧑🦰 and offensive(🔴)/defensive(🔵) security Professionals🫂 provided by me as well as contributed by the community🧑🏻🤝🧑🏽. | 43 |
| Exploiting: SSRF For Admin Access | Server-Side Request Forgery (SSRF):- SSRF is an attack in which an attacker can force a vulnerable server to trigger malicious requests to third-party servers and or to internal resources. | 205 |
| https://medium.com/bugbountywriteup/server-side-request-forgery-ssrf-exploitation-technique-9bc4b4045fbd | 0 | |
| https://medium.com/@shahjerry33/blind-ssrf-the-hide-seek-game-da9d0ecef2fb | 0 | |
| Uncovering a blind SSRF Vulnerability in Facebook’s Infrastructure ($10000 — Bug Bounty) | This is a write-up about a blind SSRF vulnerability I found and reported to Facebook. The vulnerability could have allowed a malicious actor to send internal requests to the Facebook corporate network. | 311 |
| Dark Side 108: Intro to SSRF | Today’s challenge demonstrated a Server-Side Request Forgery attack. As it sounds, this attack tricks a website into letting a user into the backend server supporting a public facing web application. | 216 |
| A Pentester’s Guide to Server Side Request Forgery (SSRF) | What is SSRF? In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. The attacker can supply or modify a URL, which the code running on the server will read or submit data. | 700 |
| Burp Suite For Pentester: HackBar | Isn’t it a bit time consuming and a boring task to insert a new payload manually every time for a specific vulnerability and check for its response? | 2021 |
| ethicalhackingplayground/ssrf-king | SSRF plugin for burp that Automates SSRF Detection in all of the Request If you are facing any problems or would like a new feature that is not listed below Please create a new issue below in this form Create New Issue ✔️ It will soon have a user Interface to specifiy your own call back payloa | 286 |
| vavkamil/awesome-bugbounty-tools | A curated list of various bug bounty tools ReconSubdomain Enumeration Port Scanning Screenshots Technologies Content Discovery Links Parameters Fuzzing ExploitationCommand Injection CORS Misconfiguration CRLF Injection CSRF Injection Directory Traversal File Inclusion GraphQL Injection Header Inject | 4230 |
| A Glossary of Blind SSRF Chains | What is Server Side Request Forgery (SSRF)? Server Side Request Forgery occurs when you can coerce a server to make arbitrary requests on your behalf. As the requests are being made by the server, it may be possible to access internal resources due to where the server is positioned in the network. | 3478 |
| assetnote/blind-ssrf-chains | Server Side Request Forgery occurs when you can coerce a server to make arbitrary requests on your behalf. As the requests are being made by the server, it may be possible to access internal resources due to where the server is positioned in the network. | 3312 |
| SSRF and Open Redirect CheatSheet | SSRF Basic ?url=http://localhost/server-status ?url=http://127.0.0.1/server-status ?url=http://internal_domain/page ?url=http://internal_ip(192.138.0.14)/page Bypass SSRF with Special chars ?url=http://allow_domain. | 220 |
| Server Side Request Forgery | Server-side request forgery (or SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing. | 697 |
| lutfumertceylan/top25-parameter | For basic researches, top 25 vulnerable parameters based on frequency of use with reference to various articles. These parameters can be used for automation tools or manual recon. Although the prevalence percentages of these parameters cannot be proven precisely. | 160 |
| Uncovering a blind SSRF Vulnerability in Facebook’s Infrastructure ($10000 — Bug Bounty) | This is a write-up about a blind SSRF vulnerability I found and reported to Facebook. The vulnerability could have allowed a malicious actor to send internal requests to the Facebook corporate network. | 311 |
| https://infosecwriteups.com/story-of-a-really-cool-ssrf-bug-cf88a3800efc | 0 | |
| https://medium.com/@logicbomb/the-journey-of-web-cache-firewall-bypass-to-ssrf-to-aws-credentials-compromise-b250fb40af82 | 0 | |
| https://highon.coffee/blog/ssrf-cheat-sheet/ | 0 | |
| CodeNinja | Posted on June 6, 2022 | 3 |
| SSRF | In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. The attacker can supply or modify a URL, which the code running on the server will read or submit data. | 315 |
| SSRF In The Wild | This is an analysis of publicly disclosed SSRF vulnerabilities. I will go into where these vulnerabilities were found, the criticality of these bugs, and the fixes implemented by the vendor after the report. | 1416 |
| On SSRF (Server Side Request Forgery) or Simple Stuff Rodolfo Found | I think the most we have to test against an application the better. But as you can see by yourself (correct me if I’m wrong please) the following set of scenarios and payloads are not addressed in most of the lists you can find out there for SSRF (Server Side Request Forgery). | 747 |
| A10 Server Side Request Forgery (SSRF) | This category is added from the Top 10 community survey (#1). The data shows a relatively low incidence rate with above average testing coverage and above-average Exploit and Impact potential ratings. | 515 |
| How To: Server-Side Request Forgery (SSRF) | Server-Side Request Forgery, SSRF for short, is a vulnerability class that describes the behavior of a server making a request that’s under the attacker’s control. This post will go over the impact, how to test for it, the potential pivots, defeating mitigations, and caveats. | 2005 |
| Beginner Guide To Exploit Server Side Request Forgery (SSRF) Vulnerability | Server Side Request Forgery (SSRF) is simply an attack where the server will make a request (act like a proxy) for the attacker either to a local or to a remote source and then return a response containing the data resulting from the request. | 1101 |
| 10 Types of Web Vulnerabilities that are Often Missed | Crowdsource hackers Hakluke and Farah Hawa share the top web vulnerabilities that are often missed during security testing. When hunting for bugs, especially on competitive bug bounty programs, it is always best to hunt in a way that invokes the least competition. | 3624 |
| knassar702/lorsrf | Lorsrf is a powerful web penetration testing tool designed to identify parameters that can be exploited for SSRF or Out-of-band resource load attacks. | 462 |
| swisskyrepo/SSRFmap | SSRF are often used to leverage actions on other services, this framework aims to find and exploit these services easily. SSRFmap takes a Burp request file as input and a parameter to fuzz. | 1201 |
| Awesome SSRF writeups | This is currently work in progress I will add more resources as I find them. | 30 |
| Server-Side Request Forgery (SSRF) | In this chapter, we are going to learn about server-side request forgery (or also called SSRF). TL;DR: An SSRF vulnerability allows an attacker to send requests from an asset behind the firewall. | 1218 |
| WSTG - v4.2 | Web applications often interact with internal or external resources. While you may expect that only the intended resource will be handling the data you send, improperly handled data may create a situation where injection attacks are possible. | 582 |
| Multiple HTTP Redirects to Bypass SSRF Protections | I needed to utilize many known SSRF techniques at once to successfully exploit many endpoints in the same company. After discovering away, I applied it to all functionalities that use attacker-controlled URLs and found 2 blind and 1 full read SSRFs. | 841 |
| SSRF Vulnerability From a Developer’s Perspective | OWASP Top 10 provides users a list of vulnerabilities in the field of application security. This list is prepared based on the severity of the occurrence of an attack, SSRF is one of them. | 214 |
| ksharinarayanan/SSRFire | An automated SSRF finder. Just give the domain name and your server and chill! ;) It also has options to find XSS and open redirects. If you don't have burpsuite professional, you can use interact sh by the awesome projectdiscovery team as your server. | 636 |
| Server Side Request Forgery (SSRF) Attacks & How to Prevent Them | Server-Side Request Forgery (SSRF) attacks allow an attacker to make requests to any domains through a vulnerable server. Attackers achieve this by making the server connect back to itself, to an internal service or resource, or to its own cloud provider. | 2242 |
| Th0h0/autossrf | autoSSRF is your best ally for identifying SSRF vulnerabilities at scale. | 293 |
| reddelexc/hackerone-reports | Tops of HackerOne reports. All reports' raw info stored in data.csv. Scripts to update this file are written in Python 3 and require chromedriver and Chromium executables at PATH. Every script contains some info about how it works. The run order of scripts: Tops 100. | 341 |
| https://infosecwriteups.com/walkthrough-weather-app-hack-the-box-web-challenge-34b0c930dfca | 0 | |
| SSRF Bypass List | Base-Url: 127.0.0.1 Client-IP: 127.0.0.1 Http-Url: 127.0.0.1 Proxy-Host: 127.0.0.1 Proxy-Url: 127.0.0.1 Real-Ip: 127.0.0.1 Redirect: 127.0.0.1 Referer: 127.0.0.1 Referrer: 127.0.0.1 Refferer: 127.0.0.1 Request-Uri: 127.0.0.1 Uri: 127.0.0.1 Url: 127.0.0.1 X-Client-IP: 127.0.0. | 44 |
| An overlooked parameter leads to a critical SSRF in Dropbox bug bounty program | Check out Intigriti: https://www.intigriti.com/ 📧 Subscribe to BBRE Premium: https://bbre.dev/premium ($20 OFF with code BIRTHDAY) ✉️ Sign up for the mailing list: https://bbre.dev/nl 📣 Follow me on Twitter: https://bbre.dev/tw This video is an explanation of an SSRF found by Harsh Jaisw | 0 |
| https://medium.com/@tobydavenn/the-tale-of-ssrf-to-rce-on-gov-domain-191185b32b37 | 0 | |
| SSRF vulnerabilities and where to find them | It’s no secret that cloud architectures have several characteristics that make SSRF attacks challenging to defend against. While SSRFs are not a new threat vector, they are often misunderstood and confused with CSRFs. | 1192 |
| https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf | 0 | |
| Just Gopher It: Escalating a Blind SSRF to RCE for $15k | Typically for a wide scope bug bounty program I’ll start with subdomain enumeration to increase my attack surface, but in this case I was going after a single web application on my target (Yahoo Mail). | 1583 |
| https://medium.com/@dphoeniixx/vimeo-upload-function-ssrf-7466d8630437 | 0 | |
| https://medium.com/@vickieli/intro-to-ssrf-beb35857771f | 0 | |
| https://medium.com/@notifybugme/finding-ssrf-by-full-automation-7d2680091d68 | 0 | |
| https://medium.com/@notifybugme/how-github-recon-help-me-to-find-nine-full-ssrf-vulnerability-with-aws-metadata-access-531d931413a5 | 0 | |
| https://medium.com/bugbountywriteup/story-of-a-really-cool-ssrf-bug-cf88a3800efc | 0 | |
| Story Behind Sweet SSRF. | Hey everyone! I hope you all are doing well! Rohit soni is back with another write-up and this time it’s about critical SSRF which leads to AWS credentials disclosure. Let’s dive into it without wasting time. | 982 |
| Chaining an Blind SSRF bug to Get an RCE | My name is Santosh Kumar Sha, I’m a security researcher from India(Assam). In this article, I will be discussing how I was able to get RCE by using Blind SSRF. | 192 |
| https://medium.com/@notifybugme/escalating-ssrf-to-accessing-all-user-pii-information-by-aws-metadata-aabcfd5a3e0e | 0 | |
| https://medium.com/appsecco/finding-ssrf-via-html-injection-inside-a-pdf-file-on-aws-ec2-214cc5ec5d90 | 0 | |
| https://medium.com/@notifybugme/aws-internal-metadata-accessed-through-ssrf-by-chaining-an-open-redirect-bug-c4b0e4838dc | 0 | |
| A Pentester’s Guide to Server Side Request Forgery (SSRF) | This blog will be one of many created alongside our Hacking How-To series, an educational video series around everyday pentest findings. The first installment will explore Server Side Request Forgery (SSRF). | 765 |
| https://medium.com/@corneacristian/top-25-server-side-request-forgery-ssrf-bug-bounty-reports-136928356eca | 0 | |
| Exploiting XXE for SSRF | Server-Side Request Forgery (SSRF):- SSRF is an attack in which an attacker can force a vulnerable server to trigger malicious requests to third-party servers and or to internal resources. | 202 |
| https://medium.com/bugbountywriteup/600k-bounty-jetty-features-response-queue-poisoning-bypass-ssrf-protections-xss-9b7644077829 | 0 | |
| 👩💻Roadmap to Cybersecurity in 2022, Full-Read SSRF, IDOR in GraphQL, GCP Pentesting, and much… | Watch this talk about $25 billion+ of value, locked in the practical attacks against bridges. Welcome to the #IWWeekly28 — the Monday newsletter that brings the best in Infosec straight to your inbox. | 758 |
| Let’s Understand SSRF vulnerability | In most cases, the OWASP Top 10 will publish a list of vulnerabilities. These are the broad categories that encompass the various types of vulnerabilities. | 224 |
| https://medium.com/@michaelkoczwara/server-side-request-forgery-ssrf-portswigger-labs-98469a41b720 | 0 | |
| https://medium.com/@shahjerry33/hey-man-if-i-talk-about-the-impact-it-is-comparatively-low-than-that-of-normal-ssrf-because-of-its-cd46a085740a | 0 | |
| lutfumertceylan/top25-parameter | For basic researches, top 25 vulnerable parameters based on frequency of use with reference to various articles. These parameters can be used for automation tools or manual recon. Although the prevalence percentages of these parameters cannot be proven precisely. | 160 |
| yeswehack/vulnerable-code-snippets | YesWeHack present code snippets containing several different vulnerabilities to practice your code analysis in a safe dockerized envoriment. The vulnerable code snippets are suitable for all skill levels. | 830 |
| Fun with SSRF - Turning the Kubernetes API Server into a port scanner | I thought I’d start the new year with something a little fun that I’ve been looking at over the break (well for a certain definition of the word ‘fun’ :) ). | 752 |
| How Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four Different Azure Services | As part of the Orca Research Pod efforts, we regularly research various cloud provider services and capabilities to help our customers keep their assets safe and secure in the cloud. | 873 |
| https://medium.com/@tusharsingh.ts01/server-side-request-forgery-ssrf-involves-an-attacker-tricking-a-server-into-making-unauthorized-4c328ccd04f7 | 0 | |
| 1. The Accidental SSRF | OWASP top 10 includes SSRF in the categories, still finding SSRF can usually be tricky. These attacks occur when an application is fetching data from a user-supplied URL, without any validations. | 368 |
| https://medium.com/@muhammadsaninasir713/server-side-request-forgery-ssrf-cybertalents-fb1bcd5c54ec | 0 | |
| https://bugbountyguide.org/2023/01/27/how-i-owned-my-first-bounty-with-ssrf/ | 0 | |
| URL Format Bypass | The Burp extension Burp-Encode-IP implements IP formatting bypasses. The tool recollapse can generate variations from a given input to try to bypass the used regex. Check this post also for more information. | 264 |
| https://hacktricks.boitatech.com.br/pentesting-web/ssrf-server-side-request-forgery | 0 | |
| README.md | Use Trickest to easily build and automate workflows powered by the world's most advanced community tools. Get Access Today: A Server-side Request Forgery (SSRF) vulnerability occurs when an attacker manipulates a server-side application into making HTTP requests to a domain of their choice. | 2975 |
| https://www.softwaresecured.com/introduction-to-server-side-request-forgery/ | 0 | |
| QA Platform | 0 | |
| Server-Side Request Forgery (SSRF) Attack Explained: Definition, Types, Protection | A Server-Side Request Forgery attack (SSRF) is a web app vulnerability that hackers use to bypass firewall or VPN protection of internal systems. An SSRF attack can enable malicious actors to access sensitive data or gain control of other systems. | 1348 |
| Server-Side Request Forgery (SSRF) Attacks: The Ultimate Guide | Several significant cybersecurity breaches in recent years, including Capital One and Microsoft Exchange, involved server-side request forgery (SSRF) as a penetration method. These exploits can give attackers access to your organization’s most sensitive data. | 1983 |
| https://www.cybrary.it/video/understanding-and-testing-for-ssrf/ | 0 | |
| Server-Side Request Forgery | Simple blacklists and regular expressions applied to user input are the wrong approaches to block SSRF attacks. In general, having a blacklist won’t solve the problem. Attackers will still find methods to bypass them. | 382 |
| https://hacklido.com/blog/294-ssrf-that-allowed-us-to-access-whole-infra-web-services-and-many-more | 0 | |
| ssrf.md | {% hint style="info" %} Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing. | 895 |
| Block or report hackerscrolls | Contact GitHub support about this user’s behavior. Learn more about reporting abuse. | 104 |
| ssrf-parameters.txt | For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙 - top25-parameter/ssrf-parameters.txt at master · lutfumertceylan/top25-parameter | 0 |
| The story of how I was able to chain SSRF with Command Injection Vulnerability | Hope you’re doing well, I am Raj Qureshi and I am a penetration tester. today I am doing another write-up about one of my best findings ever. In this write-up, I will be describing how I was able to chain SSRF attack with command injection Vulnerability. | 435 |
| Useful Mind Maps | Useful Mind Maps Collection 1. IDOR Techniques 2. Testing 2FA 3. 2FA Bypass Techniques 4. Bugs in Register/ Signup Feature 5. Cookie_Based_Authentication_Vulnerabilities 6. SSRF 7. Tesing JIRA for CVE’s 8. OAUTH2 Pentesting Checklist 9. Testing OAUTH 10. | 34 |
| SSRF Cross Protocol Redirect Bypass · Doyensec's Blog | Server Side Request Forgery (SSRF) is a fairly known vulnerability with established prevention methods. So imagine my surprise when I bypassed an SSRF mitigation during a routine retest. | 928 |
| Mitigating SSRF in 2023 | Server-Side Request Forgery (SSRF) is a vulnerability that allows an attacker to trick a server-side application to make a request to an unintended location. SSRF, unlike most other specific vulnerabilities, has gained its own spot on the OWASP Top 10 2021. | 2831 |
| https://link.medium.com/dmLthOOGmyb | 0 | |
| SSRF Series | SSRF (Server-Side Request Forgery: server-side request forgery) is a fake exploit server-initiated requests. Generally, SSRF attacks target internal systems that are not accessible from the external network. 1. Show response to attacker (basic) 2. Do now show response (blind) | 2008 |
| raesene/k8s_ssrf_portscanner | This is a Proof of concept idea for using the Kubernetes API server as a port scanner via SSRF. This is a very simple PoC and is not intended to be used in production! | 744 |
| SSRF | This script takes a domain name and a callback server, parses links , appends SSRF parameters and fire the requests. https://gist.github.com/hussein98d/d09b5990ff339dac8029b1e9248d2875 | 122 |
| https://goziem.medium.com/my-first-case-of-ssrf-using-dirsearch-b916f0f1e94b | 0 | |
| Securing PDF Generators Against SSRF Vulnerabilities | A couple of months ago, I was trying to figure out how I could secure a PDF generator running in AWS Lambda against SSRF attacks. SSRF attacks are a type of attack where an attacker can trick a service into making requests to arbitrary resources. | 551 |
| assetnote/surf | surf allows you to filter a list of hosts, returning a list of viable SSRF candidates. It does this by sending a HTTP request from your machine to each host, collecting all the hosts that did not respond, and then filtering them into a list of externally facing and internally facing hosts. | 540 |
| blackhatethicalhacking/SSRFPwned | SSRFPwned is written by Chris "SaintDruG" Abou-Chabké from Black Hat Ethical Hacking and is designed for Offensive Security attacks. | 746 |
| Breaking Down SSRF on PDF Generation: A Pentesting Guide | So today’s article is about the approach for hunting SSRF, I will be more focused on the PDF generation side. Let’s dive into it! Server side request vulnerability occurs when an attacker can manipulate the input to a web application that triggers a request from the server to a remote resource. | 1198 |
| devanshbatham/Vulnerabilities-Unmasked | This repo tries to explain complex security vulnerabilities in simple terms that even a five-year-old can understand! Disclaimer: The analogies provided in this conversation are generated by a Language Model (LLM) using prompt engineering techniques. | 3112 |
| Blind SSRF - The Tray | Hi fellow hunters, in this write-up, I will explain how I found a Blind SSRF and got a red bull tray as a reward. The Redbull Bug Bounty program is on Intigriti’s Platform. Blind SSRF is a type of SSRF attack where the attacker cannot see the response from the server. | 375 |
| Attacking APIs with SSRF and how to prevent it | Based on the 2023 OWASP API Security Top 10 this is one of the common attack types. The exploitability and detectability are easy making it quite dangerous. Server-Side Request Forgery (SSRF) flaws occur when an API is fetching a remote resource without validating the user-supplied URL. | 366 |
| SSRF vulnerabilities and where to find them | It’s no secret that cloud architectures have several characteristics that make SSRF attacks challenging to defend against. While SSRFs are not a new threat vector, they are often misunderstood and confused with CSRFs. | 1192 |
| Exploiting Non-Cloud SSRF for More Fun & Profit | Let's jump in directly, while hunting on some random target in my spare time, I came across one subdomain where we can see the reports related to the company and marketing, I found one functionality where we can see the report in pdf format. | 553 |
| NucleiFuzzer - Powerful Automation Tool For Detecting XSS, SQLi, SSRF, Open-Redirect, Etc.. Vulnerabilities In Web Applications | NucleiFuzzer is an automation tool that combines ParamSpider and Nuclei to enhance web application security testing. It uses ParamSpider to identify potential entry points and Nuclei's templates to scan for vulnerabilities. | 227 |
| NucleiFuzzer - Powerful Automation Tool For Detecting XSS, SQLi, SSRF, Open-Redirect, Etc.. Vulnerabilities In Web Applications | NucleiFuzzer is an automation tool that combines ParamSpider and Nuclei to enhance web application security testing. It uses ParamSpider to identify potential entry points and Nuclei's templates to scan for vulnerabilities. | 227 |
| Server-side request forgery (SSRF) in Web App Penetration Testing | 2023 | Server-side request forgery is a web security vulnerability that allows an attacker to cause the server-side application to make requests to an unintended location. | 173 |
| 11.2 Lab: Exploiting XXE to perform SSRF attacks | 2023 | This lab has a “Check stock” feature that parses XML input and returns any unexpected values in the response. The lab server is running a (simulated) EC2 metadata endpoint at the default URL, which is http://169.254.169.254/. | 319 |
| Exfiltrated, Signed, Delivered – What Can Go Wrong When an Amazon Elastic Compute Cloud (EC2) Instance is Exposed to SSRF | Using CNAPPgoat, you can now experiment with a technique that leverages exposure to SSRF to trigger calls to AWS services from within an Amazon EC2 instance. CNAPPgoat is Tenable Cloud Security’s open-source contribution to the multi-cloud environment landscape. | 1681 |
| SSRF attacks explained and how to defend against them | The basis of mitigating SSRF flaws remains to prevent users from influencing input that reaches your internal applications. Your internal applications should never blindly trust the input or assume that it’s coming from an authentic source. For example, in the above example of shop.example. | 231 |
| ssrf | Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker’s choosing. | 782 |
| x.com | 0 | |
| What are SSRF Attacks and How They Work to Disrupting Email Security | SSRF attacks have gained momentum in recent years. They have been used as a break-in technique in significant attacks on organizations like Capital One and Microsoft. | 1259 |
| SSRF vulnerabilities and where to find them | It’s no secret that cloud architectures have several characteristics that make SSRF attacks challenging to defend against. While SSRFs are not a new threat vector, they are often misunderstood and confused with CSRFs. | 1192 |
| Testing for SSRF with Burp Suite | Server-side request forgery (SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make requests to an unintended location. | 361 |
| S4M Security | Hello Cyberman! This article subject SSRF attacks. This series of articles will be with Portswigger solutions. | 622 |
| Exploring the SSRF attack surface | Server-Side Request Forgery (SSRF) is a critical security vulnerability that often goes unnoticed, leaving web applications and cloud services exposed to potential attacks. Understanding the SSRF attack surface is the first step in mitigating this threat effectively. | 518 |
| https://medium.com/@Land2Cyber/ssrf-hunting-in-the-cloud-exploiting-misconfigured-services-in-cloud-environments-c0d4604fa06c | 0 | |
| “Bypassing SSRF protection measures” Techniques for evading WAFs and input validation | Server-Side Request Forgery (SSRF) vulnerabilities are a persistent threat to web applications and cloud services. To exploit SSRF, attackers often need to bypass security measures such as Web Application Firewalls (WAFs) and input validation checks. | 536 |
| “SSRF to RCE” A case study in exploiting chained vulnerabilities | Server-Side Request Forgery (SSRF) vulnerabilities are known to be serious, allowing attackers to manipulate requests from a web application. | 501 |
| “The future of SSRF attacks” Machine learning and AI-based exploitation | As the world becomes increasingly digital, cybersecurity threats are evolving at an unprecedented pace. One of the vulnerabilities that has been on the rise is Server-Side Request Forgery (SSRF), and its future holds both potential for defenders and challenges for security professionals. | 515 |
| https://karol-mazurek95.medium.com/appsec-tales-xvii-ssrf-35e3a08c278 | 0 | |
| x.com | 0 | |
| Azure SSRF Metadata | Azure provides a metadata service that allows applications on a Virtual Machine (VM) to access information about the machine’s configuration, including any associated service account credentials. The sensitivity of this information makes it a common target for adversaries. | 2794 |
| Penetration Testing for Server-Side Request Forgery (SSRF) in E-commerce Platforms | E-commerce platforms are highly vulnerable to various security threats, and one of the most critical vulnerabilities is Server-Side Request Forgery (SSRF). | 898 |
| SSRF EXPLOITATION: FILE DISCLOSURE | 2023 | BUG BOUNTY | Note: This video is only for educational purpose. Intigriti: https://go.intigriti.com/bepractical Hi everyone! In this video, you will learn how to exploit server side request forgery to file disclosure vulnerability Website: https://bepractical.tech Telegram: https://telegram.me/bepracticaltech | 0 |
| Find and Exploit Server-Side Request Forgery (SSRF) Using Burp Suite | Bug Bounty Live | ❗| THIS VIDEO IS ONLY FOR EDUCATIONAL PURPOSE ------------------------------------------------ The Regex to Use: (https?:\/\/(?:www\.|(?!www))[a-zA-Z0-9][a-zA-Z0-9-]+[a-zA-Z0-9]\.[^\s]{2,}|www\.[a-zA-Z0-9][a-zA-Z0-9-]+[a-zA-Z0-9]\.[^\s]{2,}|https?:\/\/(?:www\.|(?!www))[a-zA-Z0-9]+\.[^\s]{2,}|www\ | 0 |
| Exploit Server-Side Request Forgery (SSRF). | #exploitssrf #ssrf #exploit Exploit Server-Side Request Forgery SSRF | Find and Exploit Server-Side Request Forgery SSRF. What is SSRF (Server-side request forgery)? Tutorial ... Learn what server-side request forgery (SSRF) is, how it works, and how to exploit it. Find out the impact of SSRF at | 0 |
| XSSRF : The Matrimony of XSS and SSRF. | Hey folks, Nauman Khan back in action! 🚀 Today, we’re diving into the depth of XSSRF — where Server-Side Request Forgery (SSRF) meets Cross-Site Scripting (XSS). Lets Learn How I was able to turn an Informative(P5) SSRF to an High(P2) Severity Vulnerability And Got $$$ for it. | 396 |
| Hunting for SSRF Bugs in PDF Generators | If you’ve been on a website and noticed one of the following features, there’s a good chance you’ve stumbled upon a hot spot for server-side request forgery (SSRF) bugs: Print a certificate of completion Generate a report Submit a digital signature Before getting into the nuts ‘n’ bolts of | 2634 |
| Oh snap! We don't support this version of your browser, and neither should you! | You are visiting this page because we detected an unsupported browser. Your browser does not support security features that we require. We highly recommend that you update your browser. If you believe you have arrived here in error, please contact us. Be sure to include your browser version. | 48 |
| Owning the clout through SSRF and PDF generators - Public v1.0 | In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. | 1210 |
| Digging for SSRF in NextJS apps | If you want to design a mostly static, modern landing page for your brand new business, what do you do? Ten years ago, it felt like every company was using a heavyweight CMS like Wordpress. As a hacker, the attack surface of CMS solutions is well understood. | 1496 |
| Find SSRF , LFI , XSS using httpx , waybackurls , gf , gau , qsreplace | This will help you in bug bounty because it’s advance bug bounty tips i have also a please visit there and watch video on advance subdomain recon and subdomain takeover and some poc video is also there. So let’s start | 113 |
| Detect SSRF attacks in cloud applications and APIs | APIs can be vulnerable to a wide variety of attacks, such as poor inventory management and access controls, making them a primary target for attackers. Server-side request forgery (SSRF) is one type of attack that has become more prominent with the rising use of public clouds. | 1146 |
| Server-side request forgery (SSRF) | For Snyk Enterprise customers with regional contracts. More info Server-side request forgery (SSRF) is a type of attack that allows an adversary to make arbitrary outbound requests from a server. | 1884 |
| SSRFing the Web with the help of Copilot Studio | Tenable Research discovered a critical information-disclosure vulnerability in Microsoft’s Copilot Studio via a server-side request forgery (SSRF), which allowed researchers access to potentially sensitive information regarding service internals with potential cross-tenant impact. | 1568 |
| What is Server-Side Request Forgery? | Server-Side Request Forgery (SSRF) is a vulnerability where an attacker can trick a server into making unintended requests to internal or external resources. These requests are made from the server itself, which can have more privileges and access compared to a client-side request. | 871 |
| How to Prevent Server-Side Request Forgery | In today's digital age, protecting your organization's web applications from security threats is of paramount importance. Server-side request forgery (SSRF) attacks are one such threat that can compromise your systems and expose sensitive data. | 1166 |
| Server-side request forgery (SSRF) | What is SSRF? Server-side request forgery (SSRF) is a vulnerability that lets a malicious hacker send a request from the back end of the software to another server or to a local service. | 1620 |
| SSRF in real life | At Alan, we are continuously improving our product to delight our members. One downside is that increasing our codebase size exposes us to security issues and vulnerabilities. Let me tell you about a story that happened recently. | 1186 |
| Best Practices to Defend Against Server-Side Request Forgery (SSRF) Attacks | Server-Side Request Forgery (SSRF) is a critical security vulnerability that has become increasingly prevalent in modern web applications. It allows attackers to manipulate server-side applications into sending unauthorized requests to internal or external systems. | 3883 |