| 5073 | Pivoting from blind SSRF to RCE with HashiCorp Consul |
Blind XSS
RCE |
NA |
Peter Adkins (@darkarnium) |
Bug Bounty | 2017-05-29 | 2023-06-13 |
| 5053 | Yahoo Small Business (Luminate) and the Not-So-Secret Keys |
Blind SSRF |
Yahoo! / Verizon Media |
Tommy DeVoss / dawgyg (@thedawgyg) |
Bug Bounty | 2017-06-23 | 2023-06-13 |
| 4917 | Bug Bounty: Fastmail |
Blind SSRF
Blind XXE |
Fastmail |
Brian Hyde (@0xHyde) |
Bug Bounty | 2017-12-08 | 2023-06-13 |
| 4910 | P4 to P2 - The story of one blind SSRF |
Blind SSRF |
NA |
Mikhail Klyuchnikov (@__Mn1__) |
Bug Bounty | 2017-12-19 | 2023-06-13 |
| 4157 | BLIND SSRF in *.stripe.com due to Sentry Misconfiguration |
Blind SSRF |
Stripe |
Oktavandi (@0ktavandi) |
Bug Bounty | 2019-05-09 | 2023-06-13 |
| 3985 | LAN-Based Blind SSRF Attack Primitive for Windows Systems (switcheroo) |
SSRF |
Microsoft |
initstring (@init_string) |
Bug Bounty | 2019-08-09 | 2023-06-13 |
| 3837 | [Server Side Request Forgery] Blind SSRF due to Sentry Misconfiguration |
SSRF |
NA |
Kent Bayron (@bayronkentoy) |
Bug Bounty | 2019-11-14 | 2023-06-13 |
| 3512 | The Story of Blind SSRF leads to internal Host discovery. |
SSRF |
NA |
kaustubh padwad (@s3curityb3ast) |
Bug Bounty | 2020-05-01 | 2023-06-13 |
| 3508 | Blind SSRF on coda.io |
SSRF |
Coda |
Kleiton Kurti (@kleiton0x7e) |
Bug Bounty | 2020-05-02 | 2023-06-13 |
| 3330 | My First Bug: Blind SSRF Through Profile Picture Upload |
SSRF |
NA |
swaysthinking (@swaysThinking) |
Bug Bounty | 2020-07-05 | 2023-06-13 |
| 3097 | Blind SSRF - The Hide & Seek Game |
Blind SSRF |
NA |
Shrey Shah (@ShreySh43332033) |
Bug Bounty | 2020-10-13 | 2023-06-13 |
| 2998 | WonderCMS 3.1.3 - Authenticated RCE & Blind SSRF Vulnerability |
Blind SSRF
RCE |
WonderCMS |
Mas Zet (@zetc0de) |
Bug Bounty | 2020-11-29 | 2023-06-13 |
| 2763 | CVE-2020–13956 |
Blind SSRF
URL parsing issue |
Apache HttpClient |
Priyank (@Rev_Octo) |
Bug Bounty | 2021-02-26 | 2023-06-13 |
| 2656 | Chaining an Blind SSRF bug to Get an RCE |
Blind SSRF
RCE |
NA |
Santosh Kumar Sha (@killmongar1996) |
Bug Bounty | 2021-04-07 | 2023-06-13 |
| 2627 | Blind SSRF to Port Scanning through response time |
SSRF |
NA |
Harish |
Bug Bounty | 2021-04-19 | 2023-06-13 |
| 2548 | Just Gopher It: Escalating a Blind SSRF to RCE for $15k |
SSRF
RCE |
NA |
SirLeeroyJenkins (@SirLeeroyJenkin) |
Bug Bounty | 2021-05-17 | 2023-06-13 |
| 2330 | Blind SSRF in URL Validator |
Blind SSRF |
NA |
Yash Kandekar (@Neutron__) |
Bug Bounty | 2021-08-12 | 2023-06-13 |
| 2133 | Moodle - Stored XSS and blind SSRF possible via feedback answer text |
Stored XSS
SSRF |
Moodle |
rekter0 (@rekter0) |
Bug Bounty | 2021-10-22 | 2023-06-13 |
| 1480 | From blind SSRF to localhost dirbusting and asset enumeration |
SSRF |
NA |
Jovan Šikanja (@joshibeast) |
Bug Bounty | 2022-06-11 | 2023-06-13 |
| 1123 | WordPress Core - Unauthenticated Blind SSRF |
SSRF |
WordPress |
Simon Scannell (@scannell_simon) |
Bug Bounty | 2022-09-06 | 2023-06-13 |
| 891 | Blind SSRF in Skype (Microsoft) |
Blind SSRF |
Microsoft |
Jayateertha Guruprasad (@JayateerthaG) |
Bug Bounty | 2022-10-28 | 2023-06-13 |
