Top 50+ Server-Side Request Forgery (SSRF) writeups - Thebughacker

Top SSRF bug writeups

What is a Server-Side Request Forgery (SSRF) attack?

Server-Side Request Forgery is a web security vulnerability that allows an attacker to induce the server-side application to make requests to an unintended location.

The attacker can make the server connect to internal-only services within the organization's infrastructure.

Attackers usually use SSRF to target internal systems that sit behind firewalls and are not reachable from the external network.

How dangerous is SSRF?

SSRF is a highly dangerous vulnerability that can lead to serious security breaches. It is a very effective way of bypassing firewalls and reaching internal assets that would otherwise be out of reach. SSRF is often used to escalate attacks further.

In some circumstances, an SSRF vulnerability can allow an attacker to perform arbitrary command execution.

An SSRF exploit that makes connections to external third-party systems can result in malicious onward attacks that appear to originate from the organization hosting the vulnerable application.


Below is the list of SSRF writeups by hackers worldwide:

  1. Story of a really cool SSRF bug.
  2. $10000 Facebook SSRF (Bug Bounty)
  3. 31k$ SSRF in Google Cloud Monitoring led to metadata exposure
  4. SSRF (Server Side Request Forgery) worth $4,913 | My Highest Bounty Ever 
  5. Blind SSRF - The Hide & Seek Game
  6. CVE-2020-13379 Unauthenticated Full-Read SSRF in Grafana
  7. SSRF in import file function
  8. From . in regex to SSRF - part 3
  9. My First Bug: Blind SSRF Through Profile Picture Upload
  10. Bug bounty write-up: From SSRF to $4000
  11. Story of a 2.5k Bounty — SSRF on Zimbra Led to Dump All Credentials in Clear Text
  12. A tale of my first ever full SSRF bug
  13. Leveraging an SSRF to leak a secret API key
  14. From . in regex to SSRF — part 1
  15. From . in regex to SSRF — part 2
  16. My Expense Report resulted in a Server-Side Request Forgery (SSRF) on Lyft
  17. The Story of Blind SSRF leads to internal Host discovery.
  18. Exploiting an SSRF: Trials and Tribulations
  19. SSRF on PDF generator.
  20. How i found 3 SSRF in one day on different bug bounty targets
  21. [Google VRP] SSRF in Google Cloud Platform StackDriver
  22. Vimeo upload function SSRF
  23. SSRF via FFmpeg HLS processing
  24. [bugbounty] A Simple SSRF
  25. SSRF | Reading Local Files from DownNotifier server
  26. Gain adfly SMTP access with SSRF via Gopher Protocol
  27. Server Side Request Forgery(SSRF){port issue hidden approch }
  28. The journey of Web Cache + Firewall Bypass to SSRF to AWS credentials compromise
  29. Ssrf to Read Local Files and Abusing the AWS metadata
  30. PDFReacter SSRF to ROOT Level Local File Read which led to RCE
  31. SSRF Tips: SSRF/XSPA in Microsoft’s Bing Webmaster Central
  32. DownNotifier SSRF
  33. Escalating SSRF to RCE
  34. Vimeo SSRF with code execution potential.
  35. $1.000 SSRF in Slack
  36. [SSRF] Server Side Request Forgery in a private Program developers.example.com
  37. Exploiting SSRF like a Boss — Escalation of an SSRF to Local File Read!
  38. AWS takeover through SSRF in JavaScript
  39. Into the Borg – SSRF inside Google production network
  40. How I found XSS via SSRF vulnerability -Adesh Kolte
  41. How i converted SSRF to XSS in Jira.
  42. Getting read access on Edmodo Production Server by exploiting SSRF
  43. Stored XSS, and SSRF in Google using the Dataset Publishing Language
  44. How I found SSRF on the Facebook.com
  45. P4 to P2 - The story of one blind SSRF
  46. From SSRF to Local File Disclosure
  47. How i found an SSRF in Yahoo! Guesthouse (Recon Wins)
  48. Reading Internal Files using SSRF vulnerability
  49. How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!
  50. Escalating XSS in PhantomJS Image Rendering to SSRF/Local-File Read
  51. Pivoting from blind SSRF to RCE with HashiCorp Consul
  52. Airbnb – Chaining Third-Party Open Redirect into Server-Side Request Forgery (SSRF) via LivePerson Chat

If you want to add your writeup to the list, submit it here.
