| 4713 | How I got access to local AWS info via Jira |
SSRF |
NA |
Coen Goedegebure (@CoenHimself) |
Bug Bounty | 2018-06-24 | 2023-06-13 |
| 4700 | Server Side Request Forgery on Vanilla Forums |
SSRF |
Vanilla Forums |
Vikash Chaudhary (@OffensiveHunter) |
Bug Bounty | 2018-07-07 | 2023-06-13 |
| 4683 | Into the Borg – SSRF inside Google production network |
SSRF |
Google |
Enguerran Gillier (@opnsec) |
Bug Bounty | 2018-07-20 | 2023-06-13 |
| 4562 | Just another tale of severe bugs on a private program. |
Open redirect
SSRF
IDOR
Logic flaw |
NA |
Siva Krishna Samireddi (@le4rner) |
Bug Bounty | 2018-09-28 | 2023-06-13 |
| 4554 | AWS takeover through SSRF in JavaScript |
SSRF |
NA |
Gwendal Le Coguic (@gwendallecoguic) |
Bug Bounty | 2018-10-02 | 2023-06-13 |
| 4496 | How Outdated JIRA Instances suffers from multiple security vulnerabilities? |
XSS
SSRF |
Visma |
Yeasir Arafat |
Bug Bounty | 2018-11-13 | 2023-06-13 |
| 4457 | Exploiting SSRF like a Boss — Escalation of an SSRF to Local File Read! |
SSRF
LFI |
NA |
Zain Sabahat (@Zain_Sabahat) |
Bug Bounty | 2018-11-22 | 2023-06-13 |
| 4396 | Server-side Request Forgery in OpenID support |
SSRF |
Liberapay |
Putra Adhari |
Bug Bounty | 2018-12-24 | 2023-06-13 |
| 4306 | [SSRF] Server Side Request Forgery in a private Program developers.example.com |
SSRF |
NA |
Mohamed Haron (@m7mdharon) |
Bug Bounty | 2019-02-14 | 2023-06-13 |
| 4296 | $1.000 SSRF in Slack |
SSRF |
Slack |
Elber Andre (@Elber333) |
Bug Bounty | 2019-02-17 | 2023-06-13 |
| 4280 | Chain of hacks leading to Database Compromise! |
LFI
SSRF |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2019-02-23 | 2023-06-13 |
| 4263 | Vimeo SSRF with code execution potential. |
SSRF |
Vimeo |
Harsh Jaiswal (@rootxharsh) |
Bug Bounty | 2019-03-08 | 2023-06-13 |
| 4258 | Escalating SSRF to RCE |
SSRF
RCE |
NA |
Youssef A. Mohamed (@GeneralEG64) |
Bug Bounty | 2019-03-25 | 2023-06-13 |
| 4222 | DownNotifier SSRF |
SSRF |
DownNotifier |
_m_q_t (@_m_q_t) |
Bug Bounty | 2019-04-04 | 2023-06-13 |
| 4214 | Old but GOLD Dot Dot Slash to Get the Flag — Uber Microservice |
SSRF
Path traversal
Account takeover |
Uber |
Ron Chan (@ngalongc) |
Bug Bounty | 2019-04-07 | 2023-06-13 |
| 4211 | SSRF Tips: SSRF/XSPA in Microsoft’s Bing Webmaster Central |
SSRF
XSPA |
Microsoft |
Elber Andre (@Elber333) |
Bug Bounty | 2019-04-09 | 2023-06-13 |
| 4194 | PDFReacter SSRF to ROOT Level Local File Read which led to RCE |
SSRF
RCE |
NA |
Armaan Pathan (@armaancrockroax) |
Bug Bounty | 2019-04-18 | 2023-06-13 |
| 4189 | Ssrf to Read Local Files and Abusing the AWS metadata |
SSRF |
NA |
Pratik Yadav (@PratikY9967) |
Bug Bounty | 2019-04-21 | 2023-06-13 |
| 4180 | The journey of Web Cache + Firewall Bypass to SSRF to AWS credentials compromise! |
LFI
SSRF
WAF bypass
Cloudflare bypass |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2019-04-25 | 2023-06-13 |
| 4162 | ESI Injection Part 2: Abusing specific implementations |
ESI injection
RCE
SSRF
HTTP header injection |
NA |
Philippe Arteau (@h3xstream) |
Bug Bounty | 2019-05-02 | 2023-06-13 |
| 4161 | Server Side Request Forgery(SSRF){port issue hidden approch } |
SSRF |
NA |
Deepak Holani (@w_hat_boy) |
Bug Bounty | 2019-05-03 | 2023-06-13 |
| 4157 | BLIND SSRF in *.stripe.com due to Sentry Misconfiguration |
Blind SSRF |
Stripe |
Oktavandi (@0ktavandi) |
Bug Bounty | 2019-05-09 | 2023-06-13 |
| 4126 | The Unusual Case of Status code- 301 Redirection to AWS Security Credentials Compromise |
SSRF
RFI |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2019-06-02 | 2023-06-13 |
| 4108 | v1 Instance Metadata Service protections bypass |
SSRF |
Google |
Anthony Weems |
Bug Bounty | 2019-06-14 | 2023-06-13 |
| 4071 | Gain adfly SMTP access with SSRF via Gopher Protocol |
SSRF |
Adf.ly |
Zerb0a |
Bug Bounty | 2019-06-27 | 2023-06-13 |
