4039 | The Bugs Are Out There, Hiding in Plain Sight | IDOR, SSRF, Information disclosure, CORS misconfiguration | NA | A Bug’z Life (@abugzlife1) | Bug Bounty | 2019-07-15 | 2023-06-13 |
3985 | LAN-Based Blind SSRF Attack Primitive for Windows Systems (switcheroo) | SSRF | Microsoft | initstring (@init_string) | Bug Bounty | 2019-08-09 | 2023-06-13 |
3977 | SSRF Vulnerability in https://app.[REDACTED].com | SSRF | NA | Evan Ricafort (@evanricafort) | Bug Bounty | 2019-08-13 | 2023-06-13 |
3914 | SSRF | Reading Local Files from DownNotifier server | SSRF | NA | Dr.FarFar (@3XS0) | Bug Bounty | 2019-09-18 | 2023-06-13 |
3875 | A Tale of Exploitation in Spreadsheet File Conversions | Local file disclosure (LFD), SSRF | Slack | Brett Buerhaus (@bbuerhaus) | Bug Bounty | 2019-10-18 | 2023-06-13 |
3851 | BugBounty | A Simple SSRF | SSRF, DNS rebinding | NA | Jinone (@jinonehk) | Bug Bounty | 2019-11-05 | 2023-06-13 |
3849 | BugBounty | A Simple SSRF | SSRF, DNS rebinding | NA | Jinone (@jinonehk) | Bug Bounty | 2019-11-05 | 2023-06-13 |
3844 | My First SSRF Using DNS Rebinding | SSRF, DNS rebinding | NA | Marek Geleta (@marek_geleta) | Bug Bounty | 2019-11-11 | 2023-06-13 |
3837 | [Server Side Request Forgery] Blind SSRF due to Sentry Misconfiguration | SSRF | NA | Kent Bayron (@bayronkentoy) | Bug Bounty | 2019-11-14 | 2023-06-13 |
3787 | SSRF via FFmpeg HLS processing | SSRF | NA | Pflash Punk (@PflashPunk) | Bug Bounty | 2019-12-11 | 2023-06-13 |
3781 | Vimeo upload function SSRF | SSRF | NA | Sayed Abdelhafiz (@dPhoeniixx) | Bug Bounty | 2019-12-15 | 2023-06-13 |
3772 | [Google VRP] SSRF in Google Cloud Platform StackDriver | SSRF | Google | Ron Chan (@ngalongc) | Bug Bounty | 2019-12-19 | 2023-06-13 |
3737 | From . in regex to SSRF — part 1 | SSRF | NA | Niemiec Marcin (@xvnpw) | Bug Bounty | 2020-01-05 | 2023-06-13 |
3729 | Hunting Good Bugs with only <HTML> | Open redirect, HTML injection, SSRF | NA | Ak1T4 (@akita_zen) | Bug Bounty | 2020-01-10 | 2023-06-13 |
3722 | From . in regex to SSRF — part 2 | SSRF | NA | Niemiec Marcin (@xvnpw) | Bug Bounty | 2020-01-14 | 2023-06-13 |
3671 | How I discovered an SSRF leading to AWS Metadata Leakage | SSRF | NA | Amey Anekar (@ameyanekar) | Bug Bounty | 2020-02-10 | 2023-06-13 |
3647 | How i found 3 SSRF in one day on different bug bounty targets | SSRF | NA | - | Bug Bounty | 2020-02-25 | 2023-06-13 |
3635 | SSRF on PDF generator. | SSRF | NA | John Michael (@michan2514) | Bug Bounty | 2020-03-02 | 2023-06-13 |
3631 | Exploiting an SSRF: Trials and Tribulations | SSRF | NA | A Bug’z Life (@abugzlife1) | Bug Bounty | 2020-03-03 | 2023-06-13 |
3629 | SSRF vulnerability in Uppy, Detected by Shieldfy | SSRF | Node.js third-party modules | Eslam Salem (@net_code) | Bug Bounty | 2020-03-03 | 2023-06-13 |
3602 | Using Vulnerability Analytics Feature Like a Boss | SSRF, Reflected XSS, Authentication bypass | NA | Ozgur Alp (@ozgur_bbh) | Bug Bounty | 2020-03-15 | 2023-06-13 |
3558 | How we abused Slack's TURN servers to gain access to internal services | SSRF | Slack | Sandro Gauci (@sandrogauci) | Bug Bounty | 2020-04-06 | 2023-06-13 |
3521 | Piercing the Veal: Short Stories to Read with Friends | SSRF | DuckDuckGo | d0nut (@d0nutptr) | Bug Bounty | 2020-04-27 | 2023-06-13 |
3512 | The Story of Blind SSRF leads to internal Host discovery. | SSRF | NA | kaustubh padwad (@s3curityb3ast) | Bug Bounty | 2020-05-01 | 2023-06-13 |
3508 | Blind SSRF on coda.io | SSRF | Coda | Kleiton Kurti (@kleiton0x7e) | Bug Bounty | 2020-05-02 | 2023-06-13 |