5183 | ESEA Server-Side Request Forgery and Querying AWS Meta Data | SSRF | ESEA | Brett Buerhaus (@bbuerhaus) | Bug Bounty | 2016-04-18 | 2023-06-13 |
5093 | Ok Google, Give Me All Your Internal DNS Information! | SSRF | Google | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2017-03-01 | 2023-06-13 |
5091 | Airbnb – Chaining Third-Party Open Redirect into Server-Side Request Forgery (SSRF) via LivePerson Chat | Open redirect, SSRF, Path traversal | Airbnb | Brett Buerhaus (@bbuerhaus) | Bug Bounty | 2017-03-09 | 2023-06-13 |
5074 | A pair of Plotly bugs: Stored XSS and AWS Metadata SSRF | Stored XSS, SSRF | Plotly | Yasin Soliman (@SecurityYasin) | Bug Bounty | 2017-05-25 | 2023-06-13 |
5073 | Pivoting from blind SSRF to RCE with HashiCorp Consul | Blind XSS, RCE | NA | Peter Adkins (@darkarnium) | Bug Bounty | 2017-05-29 | 2023-06-13 |
5053 | Yahoo Small Business (Luminate) and the Not-So-Secret Keys | Blind SSRF | Yahoo! / Verizon Media | Tommy DeVoss / dawgyg (@thedawgyg) | Bug Bounty | 2017-06-23 | 2023-06-13 |
5048 | Escalating XSS in PhantomJS Image Rendering to SSRF/Local-File Read | XSS, SSRF, LFI | NA | Brett Buerhaus (@bbuerhaus) | Bug Bounty | 2017-06-29 | 2023-06-13 |
5016 | Cracking the lens: targeting HTTP's hidden attack-surface | Reflected XSS, SSRF | Yahoo! / Verizon Media, BT, New Relic | James Kettle (@albinowax) | Bug Bounty | 2017-07-27 | 2023-06-13 |
5015 | How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! | SSRF, RCE, CRLF injection, Insecure deserialization | GitHub | Orange Tsai (@orange_8361) | Bug Bounty | 2017-07-28 | 2023-06-13 |
4979 | Exploiting a Single Request for Multiple Vulnerabilities | Stored XSS, Reflected XSS, SSRF, OS command injection | NA | Osama Ansari (@AnsariOsama10) | Bug Bounty | 2017-09-19 | 2023-06-13 |
4957 | Reading Internal Files using SSRF vulnerability | SSRF | NA | Neeraj Sonaniya (@neeraj_sonaniya) | Bug Bounty | 2017-10-16 | 2023-06-13 |
4953 | How i found an SSRF in Yahoo! Guesthouse (Recon Wins) | SSRF | Yahoo! / Verizon Media | Th3G3nt3lman (@Th3G3nt3lman) | Bug Bounty | 2017-10-20 | 2023-06-13 |
4942 | From SSRF to Local File Disclosure | SSRF, Local file disclosure (LFD) | NA | Tung Pun | Bug Bounty | 2017-11-08 | 2023-06-13 |
4917 | Bug Bounty: Fastmail | Blind SSRF, Blind XXE | Fastmail | Brian Hyde (@0xHyde) | Bug Bounty | 2017-12-08 | 2023-06-13 |
4913 | Hacking the Hackers: Leveraging an SSRF in HackerTarget | SSRF | HackerTarget | Corben Leo (@hacker_) | Bug Bounty | 2017-12-17 | 2023-06-13 |
4910 | P4 to P2 - The story of one blind SSRF | Blind SSRF | NA | Mikhail Klyuchnikov (@__Mn1__) | Bug Bounty | 2017-12-19 | 2023-06-13 |
4906 | How I found SSRF on TheFacebook.com | SSRF | Meta / Facebook | Thunder | Bug Bounty | 2017-12-27 | 2023-06-13 |
4839 | Stored XSS, and SSRF in Google using the Dataset Publishing Language | Stored XSS, SSRF | Google | Craig Arendt (@signalchaos) | Bug Bounty | 2018-03-07 | 2023-06-13 |
4818 | Beyond XSS: Edge Side Include Injection | ESI injection, SSRF, XSS | Squid, Varnish | Louis Dion-Marcil (@ldionmarcil) | Bug Bounty | 2018-04-03 | 2023-06-13 |
4814 | “Exploiting a Single Parameter” | SSRF, XSS | NA | Hisham Mir (@Hishammir1) | Bug Bounty | 2018-04-06 | 2023-06-13 |
4811 | Piercing the veil: Server Side Request Forgery to NIPRNet access | SSRF | U.S. Dept Of Defense | Alyssa Herrera (@Alyssa_Herrera_) | Bug Bounty | 2018-04-09 | 2023-06-13 |
4758 | Getting read access on Edmodo Production Server by exploiting SSRF | SSRF | Edmodo | Shawar Khan (@ShawarkOFFICIAL) | Bug Bounty | 2018-05-21 | 2023-06-13 |
4743 | How i converted SSRF to XSS in Jira. | SSRF, XSS | NA | Ashish Kunwar (@D0rkerDevil) | Bug Bounty | 2018-06-01 | 2023-06-13 |
4741 | How I Hacked Fotor & Got “Nothing” | SSRF, RFI | Fotor | Somdev Sangwan (s0md3v) | Bug Bounty | 2018-06-01 | 2023-06-13 |
4735 | How I found XSS via SSRF vulnerability -Adesh Kolte | SSRF, XSS | CERT-EU, Motorola, Stanford | Adesh Nandkishor kolte (@AdeshKolte) | Bug Bounty | 2018-06-07 | 2023-06-13 |