1603 | Adventures Into The MeowCorp Bug Bounty Program | Information disclosure, Weak credentials, SSRF, .git folder disclosure, RCE | NA | Nirmal Thapa (@tnirmalz) | Bug Bounty | 2022-04-21 | 2023-06-13 |
1593 | Encrypting our way to SSRF in VMWare Workspace One UEM (CVE-2021-22054) | SSRF | VMware | Keiran Sampson (@hpy_downunder) | Bug Bounty | 2022-04-27 | 2023-06-13 |
1589 | Exploitation of an SSRF vulnerability against EC2 IMDSv2 | SSRF | NA | Yassine Aboukir (@Yassineaboukir) | Bug Bounty | 2022-04-28 | 2023-06-13 |
1549 | Stealing Google Drive OAuth tokens from Dropbox | CSRF, SSRF, Account takeover | Dropbox | Sivanesh Ashok (@sivaneshashok) | Bug Bounty | 2022-05-17 | 2023-06-13 |
1517 | DNN CMS Server-Side Request Forgery (CVE-2021-40186) | SSRF, Security code review | DNN (DotNetNuke) | Appcheck NG | Bug Bounty | 2022-05-26 | 2023-06-13 |
1506 | From open redirect to RCE in one week | Open redirect, SSRF, Insecure deserialization, LFI, RCE | Mail.ru | byq (@ByQwert) | Bug Bounty | 2022-05-31 | 2023-06-13 |
1497 | Another vision for SSRF | SSRF | NA | phor3nsic (@phor3nsic_br) | Bug Bounty | 2022-06-06 | 2023-06-13 |
1486 | Chaining vulnerabilities to criticality in Progress WhatsUp Gold | SSRF, Local File Disclosure, Information disclosure | Progress (WhatsUp Gold) | Shubham Shah (@infosec_au) | Bug Bounty | 2022-06-09 | 2023-06-13 |
1480 | From blind SSRF to localhost dirbusting and asset enumeration | SSRF | NA | Jovan Šikanja (@joshibeast) | Bug Bounty | 2022-06-11 | 2023-06-13 |
1476 | Finding vulnerabilities in curl 7.83.0 without reading a single-line of C code | SSRF, Information disclosure, HSTS bypass | Internet Bug Bounty (curl) | Haxatron (@Haxatron1) | Bug Bounty | 2022-06-12 | 2023-06-13 |
1451 | Hacking a NFT Platform | SSRF | NA | Muhammad Abdullah | Bug Bounty | 2022-06-17 | 2023-06-13 |
1435 | Pwn2Own 2021 Microsoft Exchange Exploit Chain | SSRF, RCE | Microsoft | Rskvp93 (@rskvp93) | Bug Bounty | 2022-06-23 | 2023-06-13 |
1434 | Miracle - One Vulnerability To Rule Them All | Insecure deserialization, SSRF, RCE | Oracle | Nguyễn Tiến Giang (@testanull) | Bug Bounty | 2022-06-23 | 2023-06-13 |
1428 | Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135) | SSRF | Atlassian | Shubham Shah (@infosec_au) | Bug Bounty | 2022-06-26 | 2023-06-13 |
1411 | CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus | XXE, SSRF, RCE | Zoho | Naveen Sunkavally | Bug Bounty | 2022-06-29 | 2023-06-13 |
1378 | Write Up 1: Hellosign Integration [Full Read SSRF] | SSRF | NA | Soufiane Habti (@wld_basha) | Bug Bounty | 2022-07-12 | 2023-06-13 |
1280 | Came looking for SSRF and found XSS | XSS, WAF bypass | NA | Ibrahim Radi (@ibraradi9) | Bug Bounty | 2022-08-04 | 2023-06-13 |
1192 | SSRF & Google HOF(Hall of Fame) | SSRF | Google | Aman Pareek (@aman_notsogreat) | Bug Bounty | 2022-08-22 | 2023-06-13 |
1168 | SSRF leads to access AWS metadata. | SSRF | NA | Akash Patil (@skypatil98) | Bug Bounty | 2022-08-27 | 2023-06-13 |
1135 | How I found my first SSRF to RCE! | IDOR, SSRF, RCE | NA | Md. Asif Hossain (@0x0asif) | Bug Bounty | 2022-09-04 | 2023-06-13 |
1126 | Bug Bounty { How I found an SSRF ( Reconnaissance ) } | SSRF | NA | S Rahul (@7srambo) | Bug Bounty | 2022-09-06 | 2023-06-13 |
1123 | WordPress Core - Unauthenticated Blind SSRF | SSRF | WordPress | Simon Scannell (@scannell_simon) | Bug Bounty | 2022-09-06 | 2023-06-13 |
1122 | Exploiting Out-of-Band XXE in the Wild | XXE, SSRF | NA | Mahmoud Youssef (@0xmahmoudjo0) | Bug Bounty | 2022-09-06 | 2023-06-13 |
1094 | SSRF(g/vrp) for 5000$ | SSRF | NA | lalka (@0x01alka) | Bug Bounty | 2022-09-12 | 2023-06-13 |
1070 | SSRF Attack Leading To AWS Metadata | SSRF | CERT-EU | ParagBagul | Bug Bounty | 2022-09-18 | 2023-06-13 |