This is a collection of writeups, cheatsheets, videos, and books related to SSRF in one single location.
This is currently a work in progress; I will add more resources as I find them.
Nahamsec/Daeken - OWNING THE CLOUT THROUGH SSRF AND PDF GENERATORS
Orange Tsai A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
SaN ThosH SSRF - Server Side Request Forgery (Types and ways to exploit it) Part-1
SaN ThosH SSRF — Server Side Request Forgery (Types and ways to exploit it) Part-2
@albinowax Cracking the lens: targeting HTTP's hidden attack-surface [NEW Credit to @atul_hax]
@leonmugen: SSRF Reading Local Files from DownNotifier server
Exploiting SSRF like a Boss — Escalation of an SSRF to Local File Read!
Day Labs: SSRF attack using Microsoft's bing webmaster central
Elber Andre: SSRF Tips SSRF/XSPA in Microsoft’s Bing Webmaster Central
Valeriy Shevchenko: SSRF Vulnerability due to Sentry misconfiguration
Neeraj Sonaniya: Reading Internal Files using SSRF vulnerability
Pratik yadav: Ssrf to Read Local Files and Abusing the AWS metadata
Shorebreak Security: SSRF’s up! Real World Server-Side Request Forgery (SSRF)
Deepak Holani: Server Side Request Forgery(SSRF){port issue hidden approch }
Coen Goedegebure: How I got access to local AWS info via Jira
Corben Leo: Hacking the Hackers: Leveraging an SSRF in HackerTarget
Orange Tsai: How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!
Peter Adkins: Pivoting from blind SSRF to RCE with HashiCorp Consul
Maxime Leblanc: Server-Side Request Forgery (SSRF) Attacks - Part 1: The basics
Maxime Leblanc: Server-Side Request Forgery (SSRF) Attacks — Part 2: Fun with IPv4 addresses
Maxime Leblanc: Server-Side Request Forgery (SSRF) — Part 3: Other advanced techniques
Maxime Leblanc: Privilege escalation in the Cloud: From SSRF to Global Account Administrator
Asterisk Labs: Server-side request forgery in Sage MicrOpay ESP
Alyssa Herrera: Piercing the Veil: Server Side Request Forgery to NIPRNet access
Contribution by $root: Whomai - Harsh Jaiswal: Vimeo SSRF with code execution potential.
302885 ImageMagick GIF coder vulnerability leading to memory disclosure
392859 Sending Emails from DNSDumpster - Server-Side Request Forgery to Internal SMTP Access
395521 SSRF vulnerability on proxy.duckduckgo.com (access to metadata server on AWS)
285380 www.threatcrowd.org - SSRF : AWS private key disclosure
508459 SSRF in webhooks leads to AWS private keys disclosure
398799 Jobert Abma (jobert): Unauthenticated blind SSRF in OAuth Jira authorization controller
341876 André Baptista (0xacb): SSRF in Exchange leads to ROOT access in all instances
374737 ruvlol (ruvlol): Blind SSRF on errors.hackerone.net due to Sentry misconfiguration
386292 Elb (elber): Bypass of the SSRF protection in Event Subscriptions parameter
411865 Robinooklay: Blind SSRF at https://chaturbate.com/notifications/update_push/
517461 Ninja: Blind SSRF/XSPA on dashboard.lob.com + blind code injection
263169 Tung Pun: New Relic - Internal Ports Scanning via Blind SSRF
280511 Suresh Narvaneni: Server Side Request Forgery on JSON Feed
281950 Tung Pun: Infogram - Internal Ports Scanning via Blind SSRF
288183 Dr.Jones: SSRF bypass for https://hackerone.com/reports/285380 (query AWS instance)
288537 e3xpl0it: Server Side Request Forgery protection bypass № 2
145524 paglababa: Server side request forgery (SSRF) on nextcloud implementation.
115857 Slim Shady: SSRF and local file read in video to gif converter
Black Hat: Viral Video - Exploiting SSRF in Video Converters
Muhammad Junaid: Yahoo SSRF and Local File Disclosure via FFmpeg
Muhammad Junaid: Flickr (Yahoo!) SSRF and Local File Disclosure
Crazy Danish Hacker: Server-Side Request Forgery (SSRF) - Web Application Security Series #1
Nahamsec: Owning the Clout through SSRF & PDF Generators - Defcon 27 - (SSRF on ads.snapchat.com)
Tutorials Point (India) Pvt. Ltd: Penetration Testing - Server Side Request Forgery (SSRF)
AppSec EU15 - Nicolas Gregoire - Server-Side Browsing Considered Harmful