| 2515 | Escalating SSRF to Accessing all user PII information by aws metadata |
SSRF |
NA |
Santosh Kumar Sha (@killmongar1996) |
Bug Bounty | 2021-05-31 | 2023-06-13 |
| 2511 | Escalating SSRF to Accessing all user PII information by aws metadata |
SSRF |
NA |
Santosh Kumar Sha (@killmongar1996) |
Bug Bounty | 2021-06-01 | 2023-06-13 |
| 2505 | Server Side Request Forgery - A Forged Document |
SSRF
File upload |
NA |
Jerry Shah (@Jerry) |
Bug Bounty | 2021-06-03 | 2023-06-13 |
| 2498 | How Github recon help me to find NINE FULL SSRF Vulnerability with AWS metadata access |
SSRF |
NA |
Santosh Kumar Sha (@killmongar1996) |
Bug Bounty | 2021-06-06 | 2023-06-13 |
| 2496 | Story of my first cash bounty on hackerone. |
SSRF
XSS |
NA |
Vedant Tekale (@_justYnot) |
Bug Bounty | 2021-06-07 | 2023-06-13 |
| 2483 | An exciting journey to find SSRF , Bypass Cloudflare , and extract AWS metadata ! |
SSRF |
NA |
hosein vita (@HoseinVita) |
Bug Bounty | 2021-06-13 | 2023-06-13 |
| 2441 | Diving into Dependabot along with a bug in npm |
SSRF
RCE |
GitHub |
tyage (@tyage) |
Bug Bounty | 2021-06-27 | 2023-06-13 |
| 2379 | Telegram Report: SSRF leads to DOS attack [Reports that didn%27t make it] |
SSRF
DoS |
Telegram |
Philippe Delteil (@PhilippeDelteil) |
Bug Bounty | 2021-07-27 | 2023-06-13 |
| 2358 | Blind XXE Leads to Internal Port Scanning Through SSRF |
XXE
SSRF |
NA |
Sam Paredes (@caffeinevulns) |
Bug Bounty | 2021-08-01 | 2023-06-13 |
| 2330 | Blind SSRF in URL Validator |
Blind SSRF |
NA |
Yash Kandekar (@Neutron__) |
Bug Bounty | 2021-08-12 | 2023-06-13 |
| 2325 | Finding multiple SSRF with aws metadata access on A BANK system |
SSRF |
NA |
Santosh Kumar Sha (@killmongar1996) |
Bug Bounty | 2021-08-14 | 2023-06-13 |
| 2305 | Server Side Request Forgery with huge impact in production application |
SSRF |
NA |
Gökhan Güzelkokar (@gkhck_) |
Bug Bounty | 2021-08-23 | 2023-06-13 |
| 2285 | SSRF External Service Interaction for Find Real IP CloudFlare and Leads to SQL Injection |
WAF bypass
SSRF
SQL injection |
NA |
Caesar Evan Santoso |
Bug Bounty | 2021-08-28 | 2023-06-13 |
| 2244 | SSRF in PDF export with PhantomJs |
SSRF
XSS
LFI |
NA |
أنس روبي (@xhzeem) |
Bug Bounty | 2021-09-07 | 2023-06-13 |
| 2209 | Chaining bugs for better bounties |
SSRF
XSS
Information disclosure |
NA |
Manas Harsh (@ManasH4rsh) |
Bug Bounty | 2021-09-19 | 2023-06-13 |
| 2175 | Pre-Auth SSRF To Full MailBox Access (Microsoft Exchange Server Exploit) |
SSRF |
NA |
Vanshal Gaur (@VanshalG) |
Bug Bounty | 2021-10-02 | 2023-06-13 |
| 2166 | Hacking Netflix Eureka! |
SSRF
XSS |
Netflix |
Maxim Tyukov (@maxtyukov) |
Bug Bounty | 2021-10-06 | 2023-06-13 |
| 2133 | Moodle - Stored XSS and blind SSRF possible via feedback answer text |
Stored XSS
SSRF |
Moodle |
rekter0 (@rekter0) |
Bug Bounty | 2021-10-22 | 2023-06-13 |
| 2120 | Easy SSRF from Wayback Machine |
SSRF |
NA |
Khaled Mohamed (@0xElkomy) |
Bug Bounty | 2021-10-27 | 2023-06-13 |
| 2089 | Unrestricted File Upload Leads to SSRF and RCE |
ImageTragick
Unrestricted file upload
SSRF
RCE |
NA |
Muhammad Adel (@ItsFadinG_) |
Bug Bounty | 2021-11-11 | 2023-06-13 |
| 2087 | Simple SSRF Allows Access To Internal Assets |
SSRF |
NA |
Sam Paredes (@caffeinevulns) |
Bug Bounty | 2021-11-11 | 2023-06-13 |
| 2067 | URL whitelist bypass in https://cxl-services.appspot.com |
Privilege escalation
URL validation bypass
SSRF |
Google |
David Schütz (@xdavidhu) |
Bug Bounty | 2021-11-17 | 2023-06-13 |
| 2052 | Multiple Vulnerabilities In Concrete CMS – Part2 (PrivEsc/SSRF/etc) |
Privilege escalation
SSRF |
Concrete CMS |
FORTBRIDGE (@FORTBRIDGE1) |
Bug Bounty | 2021-11-25 | 2023-06-13 |
| 2038 | VMware vCenter earlier versions (7.0.2.00100) has unauthorized arbitrary file read + ssrf + xss vulnerability |
LFI
SSRF
XSS
Arbitrary file read |
VMware |
Khoa Dinh (@_l0gg) |
Bug Bounty | 2021-11-30 | 2023-06-13 |
| 2021 | SSRF vulnerability in AppSheet - Google VRP |
SSRF |
Google |
David Nechuta (@david_nechuta) |
Bug Bounty | 2021-12-05 | 2023-06-13 |
