What is a Server-Side Request Forgery (SSRF) attack?
Server-Side Request Forgery is a web security vulnerability that allows an attacker to induce the server-side application to make requests to an unintended destination.
The attacker can cause the server to open a connection to internal-only services inside the organization's infrastructure.
Attackers typically use SSRF to target internal systems that sit behind firewalls and are not reachable from the external network.
How dangerous is SSRF?
SSRF is a very dangerous vulnerability that can lead to serious security breaches. It is a very useful way to bypass firewalls and reach internal assets that appear to be out of reach, and it is often used to escalate an attack further.
In some circumstances, an SSRF vulnerability can allow an attacker to achieve arbitrary command execution.
An SSRF exploit that makes connections to external third-party systems can result in malicious onward attacks that appear to originate from the organization hosting the vulnerable application.
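As an added example (not code from the original page), below is the destination check a server-side fetcher can run before following a user-supplied URL, covering the cases described above: internal-only addresses behind the firewall, the cloud metadata endpoint, loopback and non-HTTP schemes. The function names are hypothetical, and the hostnames and DNS answers in FAKE_DNS are constructed so the check runs offline; with the default resolver it uses real DNS.

```python
import ipaddress
import socket
from urllib.parse import urlparse

def resolve_all(host):
    return {info[4][0] for info in socket.getaddrinfo(host, None)}  # real DNS

def is_public_address(text):
    """Globally routable unicast only: is_global refuses loopback, RFC 1918,
    link-local (so 169.254.169.254), CGNAT, documentation and reserved space."""
    ip = ipaddress.ip_address(text)
    ip = getattr(ip, "ipv4_mapped", None) or ip  # unwrap ::ffff:a.b.c.d to IPv4 rules
    return ip.is_global and not ip.is_multicast

def validate_target(url, resolver=resolve_all):
    """Vet a user-supplied URL before the server fetches it; returns (ok, reason)."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):  # hypothetical policy: no gopher:, file: ...
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        ipaddress.ip_address(host)
        addrs = {host}  # literal IP: nothing to resolve
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError:  # socket.gaierror is an OSError
            return False, "unresolvable host"
    for addr in addrs:  # one internal record among several is enough to refuse
        if not is_public_address(addr):
            return False, f"resolves to non-public address {addr}"
    # Connect to the vetted address rather than re-resolving the name, or a
    # DNS rebinding race can swap in an internal address after this check.
    return True, "ok"

# Constructed DNS answers so the example runs offline; not real records.
FAKE_DNS = {
    "public.example": {"93.184.216.34"},
    "intranet.corp": {"10.0.0.5"},
    "metadata.internal": {"169.254.169.254"},
    "mapped.test": {"::ffff:127.0.0.1"},
}

def fake_resolver(host):
    if host not in FAKE_DNS:
        raise socket.gaierror(f"constructed: no record for {host}")
    return FAKE_DNS[host]
```

A redirect returned by the fetched server must be vetted with the same function before it is followed, otherwise the check is bypassed by a public host that redirects inward.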
Below is a list of SSRF writeups by hackers from around the world:
- Story of a really cool SSRF bug.
- $10000 Facebook SSRF (Bug Bounty)
- 31k$ SSRF in Google Cloud Monitoring led to metadata exposure
- SSRF (Server Side Request Forgery) worth $4,913 | My Highest Bounty Ever
- Blind SSRF - The Hide & Seek Game
- CVE-2020-13379 Unauthenticated Full-Read SSRF in Grafana
- SSRF in import file function
- From . in regex to SSRF - part 3
- My First Bug: Blind SSRF Through Profile Picture Upload
- Bug bounty write-up: From SSRF to $4000
- Story of a 2.5k Bounty — SSRF on Zimbra Led to Dump All Credentials in Clear Text
- A tale of my first ever full SSRF bug
- Leveraging an SSRF to leak a secret API key
- From . in regex to SSRF — part 1
- From . in regex to SSRF — part 2
- My Expense Report resulted in a Server-Side Request Forgery (SSRF) on Lyft
- The Story of Blind SSRF leads to internal Host discovery.
- Exploiting an SSRF: Trials and Tribulations
- SSRF on PDF generator.
- How i found 3 SSRF in one day on different bug bounty targets
- [Google VRP] SSRF in Google Cloud Platform StackDriver
- Vimeo upload function SSRF
- SSRF via FFmpeg HLS processing
- [bugbounty] A Simple SSRF
- SSRF | Reading Local Files from DownNotifier server
- Gain adfly SMTP access with SSRF via Gopher Protocol
- Server Side Request Forgery(SSRF){port issue hidden approch }
- The journey of Web Cache + Firewall Bypass to SSRF to AWS credentials compromise
- Ssrf to Read Local Files and Abusing the AWS metadata
- PDFReacter SSRF to ROOT Level Local File Read which led to RCE
- SSRF Tips: SSRF/XSPA in Microsoft’s Bing Webmaster Central
- DownNotifier SSRF
- Escalating SSRF to RCE
- Vimeo SSRF with code execution potential.
- $1.000 SSRF in Slack
- [SSRF] Server Side Request Forgery in a private Program developers.example.com
- Exploiting SSRF like a Boss — Escalation of an SSRF to Local File Read!
- AWS takeover through SSRF in JavaScript
- Into the Borg – SSRF inside Google production network
- How I found XSS via SSRF vulnerability -Adesh Kolte
- How i converted SSRF to XSS in Jira.
- Getting read access on Edmodo Production Server by exploiting SSRF
- Stored XSS, and SSRF in Google using the Dataset Publishing Language
- How I found SSRF on the Facebook.com
- P4 to P2 - The story of one blind SSRF
- From SSRF to Local File Disclosure
- How i found an SSRF in Yahoo! Guesthouse (Recon Wins)
- Reading Internal Files using SSRF vulnerability
- How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!
- Escalating XSS in PhantomJS Image Rendering to SSRF/Local-File Read
- Pivoting from blind SSRF to RCE with HashiCorp Consul
- Airbnb – Chaining Third-Party Open Redirect into Server-Side Request Forgery (SSRF) via LivePerson Chat
If you want to add your writeup to the list: Submit Here