Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1058 | Securing Developer Tools: OneDev Remote Code Execution | RCE, SSRF, Broken Access Control, Container escape | OneDev | Paul Gerste | Bug Bounty | 2022-09-20 | 2023-06-13 |
| 1052 | Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library | Universal XSS, SSRF, Open redirect, Web cache poisoning | Netlify, Gemini, PancakeSwap, Docusign, Moonpay, Celo | Sam Curry (@samwcyo) | Bug Bounty | 2022-09-21 | 2023-06-13 |
| 1041 | Pre-Auth Remote Code Execution - Web Page Test | RCE, SSRF | CatchPoint | Laluka (@TheLaluka) | Bug Bounty | 2022-09-23 | 2023-06-13 |
| 1030 | Skype for Business Audit Part 2 - SKYPErimeterleak | SSRF, Security code review | Microsoft | Florian Hauser (@frycos) | Bug Bounty | 2022-09-26 | 2023-06-13 |
| 1026 | From nothing to AWS credentials | SSRF | NA | (@darkandroider) | Bug Bounty | 2022-09-27 | 2023-06-13 |
| 999 | Appsmith Patches Full-Read SSRF Vulnerabilities Reported by CloudSEK | SSRF | Appsmith | Sparsh Kulshrestha (@d0tdotslash) | Bug Bounty | 2022-10-05 | 2023-06-13 |
| 997 | A Deep Dive of CVE-2022–33987 (Got allows a redirect to a UNIX socket) | SSRF | MediaWiki | Chaim Sanders | Bug Bounty | 2022-10-06 | 2023-06-13 |
| 955 | Story about Escalation of HTML Injection to EC2 Instance credentials leak | SSRF, HTML injection | NA | Harsh Tandel (@H4r5h_T4nd37) | Bug Bounty | 2022-10-14 | 2023-06-13 |
| 935 | Microsoft Office Online Server Remote Code Execution | SSRF, RCE | Microsoft | Manish Tanwar (@IndiShell1046) | Bug Bounty | 2022-10-19 | 2023-06-13 |
| 917 | Atlassian Jira Align, Version 10.107.4 Advisory | SSRF, Broken Access Control, Privilege escalation | Atlassian | Jacob Shafer (@fibbot) | Bug Bounty | 2022-10-24 | 2023-06-13 |
| 915 | SSRF & LFI In Uploads Feature | SSRF, LFI | NA | Raymond Lind | Bug Bounty | 2022-10-24 | 2023-06-13 |
| 907 | Microsoft SharePoint Server Post-Authentication Server-Side Request Forgery vulnerability | SSRF | Microsoft | Li Jiantao (@CurseRed) | Bug Bounty | 2022-10-25 | 2023-06-13 |
| 904 | SSRF Bug Leads To AWS Metadata Exposure | SSRF | NA | Raymond Lind | Bug Bounty | 2022-10-26 | 2023-06-13 |
| 894 | AWS SSRF to Root on production instance — A bug worth 1.75Lacs | SSRF, RCE, Password reset | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2022-10-27 | 2023-06-13 |
| 891 | Blind SSRF in Skype (Microsoft) | Blind SSRF | Microsoft | Jayateertha Guruprasad (@JayateerthaG) | Bug Bounty | 2022-10-28 | 2023-06-13 |
| 887 | Exploiting Static Site Generators: When Static Is Not Actually Static | SSRF, XSS, Security code review | Netlify, Gatsby | Shubham Shah (@infosec_au) | Bug Bounty | 2022-10-28 | 2023-06-13 |
| 884 | Vulnerabilities In Apache Batik Default Security Controls – SSRF And RCE Through Remote Class Loading | SSRF, RCE | Apache Batik | Piotr Bazydło (@chudypb) | Bug Bounty | 2022-10-31 | 2023-06-13 |
| 862 | Story of a $1k bounty — SSRF to leaking access token and other sensitive information | SSRF | NA | Faique (@imfaiqu3) | Bug Bounty | 2022-11-05 | 2023-06-13 |
| 849 | Chaining Path Traversal with SSRF to disclose internal git repo data in a Bank Asset | SSRF, Path traversal | NA | Nikhil (niks) (@niksthehacker) | Bug Bounty | 2021-11-09 | 2023-06-13 |
| 828 | Checkmk: Remote Code Execution by Chaining Multiple Bugs (1/3) | RCE, Code injection, SSRF, Line Feed injection, Arbitrary file read, Authentication bypass, Security code review | Checkmk | Stefan Schiller (@scryh_) | Bug Bounty | 2022-11-15 | 2023-06-13 |
| 793 | SSRF via DNS Rebinding (CVE-2022–4096) | SSRF, DNS rebinding, TOCTOU | Appsmith | Basavaraj Banakar (@basu_banakar) | Bug Bounty | 2022-11-22 | 2023-06-13 |
| 747 | How I found my first RCE! | RCE, Components with known vulnerabilities, WSO2, SSRF | NA | 302Found | Bug Bounty | 2022-12-01 | 2023-06-13 |
| 742 | Multiple Vulnerabilities in Proxmox VE & Proxmox Mail Gateway | XSS, CRLF injection, SSRF, LFI, Local Privilege Escalation, Arbitrary file read | Proxmox | JianTao Li (@cursered) | Bug Bounty | 2022-12-02 | 2023-06-13 |
| 731 | The most underrated injection of all time — CYPHER INJECTION. How I found and exploited it ? | Cypher injection, SSRF | NA | Ashutosh Dutta (@maniacmarvel_) | Bug Bounty | 2022-12-04 | 2023-06-13 |
| 668 | Cisco BroadWorks CommPilot Application Software Unauthenticated Server-Side Request Forgery (CVE-2022-20951) | SSRF, Security code review | Cisco | smaury (@smaury92) | Bug Bounty | 2022-12-21 | 2023-06-13 |