TOPSSRF.md

Top SSRF reports from HackerOne:

  1. My Expense Report resulted in a Server-Side Request Forgery (SSRF) on Lyft to Lyft - 634 upvotes, $0
  2. SSRF in Exchange leads to ROOT access in all instances to Shopify - 524 upvotes, $0
  3. Server-Side Request Forgery using Javascript allows exfiltrating data from Google Metadata to Snapchat - 371 upvotes, $0
  4. Server Side Request Forgery (SSRF) at app.hellosign.com leads to AWS private keys disclosure to Dropbox - 360 upvotes, $4913
  5. SSRF & LFR via on city-mobil.ru to Mail.ru - 342 upvotes, $6000
  6. SSRF on project import via the remote_attachment_url on a Note to GitLab - 339 upvotes, $10000
  7. Server Side Request Forgery mitigation bypass to GitLab - 331 upvotes, $0
  8. Full Response SSRF via Google Drive to Dropbox - 302 upvotes, $17576
  9. Blind SSRF to internal services in matrix preview_link API to Reddit - 279 upvotes, $6000
  10. SSRF on fleet.city-mobil.ru leads to local file read to Mail.ru - 272 upvotes, $6000
  11. SSRF leaking internal google cloud data through upload function [SSH Keys, etc..] to Vimeo - 249 upvotes, $0
  12. Full read SSRF in www.evernote.com that can leak aws metadata and local file inclusion to Evernote - 238 upvotes, $0
  13. SSRF & LFR on city-mobil.ru to Mail.ru - 237 upvotes, $6000
  14. Unsafe charts embedding implementation leads to cross-account stored XSS and SSRF to New Relic - 224 upvotes, $0
  15. Unauthenticated blind SSRF in OAuth Jira authorization controller to GitLab - 222 upvotes, $4000
  16. Unauthenticated SSRF in jira.tochka.com leading to RCE in confluence.bank24.int to QIWI - 217 upvotes, $0
  17. Full Read SSRF on Gitlab's Internal Grafana to GitLab - 206 upvotes, $0
  18. SSRF in webhooks leads to AWS private keys disclosure to Omise - 193 upvotes, $0
  19. Stored XSS & SSRF in Lark Docs to Lark Technologies - 170 upvotes, $3000
  20. SSRF on duckduckgo.com/iu/ to DuckDuckGo - 156 upvotes, $0
  21. Server Side Request Forgery to Lark Technologies - 155 upvotes, $0
  22. External SSRF and Local File Read via video upload due to vulnerable FFmpeg HLS processing to TikTok - 139 upvotes, $2727
  23. SSRF chained to hit internal host leading to another SSRF which allows reading internal images to PlayStation - 138 upvotes, $1000
  24. SSRF in clients.city-mobil.ru to Mail.ru - 132 upvotes, $1500
  25. Blind SSRF on errors.hackerone.net due to Sentry misconfiguration to HackerOne - 130 upvotes, $3500
  26. SSRF in filtering on relap.io to Mail.ru - 130 upvotes, $1700
  27. SSRF on music.line.me through getXML.php to LINE - 128 upvotes, $4500
  28. SSRF In Get Video Contents to Semrush - 117 upvotes, $0
  29. XXE Injection through SVG image upload leads to SSRF to Zivver - 112 upvotes, $0
  30. Full read SSRF via Lark Docs import as docs feature to Lark Technologies - 111 upvotes, $5000
  31. SSRF in graphQL query (pwapi.ex2b.com) to EXNESS - 100 upvotes, $3000
  32. SSRF on image renderer to PlayStation - 96 upvotes, $1000
  33. [city-mobil.ru] SSRF & limited LFR on /taxiserv/photoeditor/save endpoint via base64 POST parameter to Mail.ru - 94 upvotes, $6000
  34. SSRF via Office file thumbnails to Slack - 91 upvotes, $4000
  35. Blind SSRF in horizon-heat to Mail.ru - 91 upvotes, $2500
  36. SSRF in api.slack.com, using slash commands and bypassing the protections. to Slack - 78 upvotes, $500
  37. SSRF and LFI in site-audit tool to Semrush - 77 upvotes, $0
  38. SSRF on https://qiwi.com using "Prerender HAR Capturer" to QIWI - 77 upvotes, $0
  39. Blind SSRF in emblem editor (2) to Rockstar Games - 73 upvotes, $1500
  40. SSRF in CI after first run to GitLab - 69 upvotes, $3000
  41. LFI and SSRF via XXE in emblem editor to Rockstar Games - 69 upvotes, $1500
  42. Sending Emails from DNSDumpster - Server-Side Request Forgery to Internal SMTP Access to Hacker Target - 69 upvotes, $0
  43. SVG Server Side Request Forgery (SSRF) to Shopify - 68 upvotes, $500
  44. Blind SSRF on debug.nordvpn.com due to misconfigured sentry instance to Nord Security - 65 upvotes, $0
  45. GitLab::UrlBlocker validation bypass leading to full Server Side Request Forgery to GitLab - 63 upvotes, $0
  46. [SSRF] Server-Side Request Forgery at https://sea-web.gold.razer.com/dev/simulator via notify_url Parameter to Razer - 60 upvotes, $2000
  47. SSRF and local file disclosure by video upload on https://www.redtube.com/upload to Pornhub - 60 upvotes, $500
  48. Blind SSRF on https://labs.data.gov/dashboard/Campaign/json_status/ Endpoint to GSA Bounty - 59 upvotes, $300
  49. SSRF with information disclosure to Lark Technologies - 57 upvotes, $0
  50. SSRF and local file disclosure in https://wordpress.com/media/videos/ via FFmpeg HLS processing to Automattic - 56 upvotes, $0
  51. [tanks.mail.ru] SSRF + cookie theft to Mail.ru - 55 upvotes, $750
  52. Blind SSRF in magnum upgrade_params to Mail.ru - 54 upvotes, $2500
  53. SSRF and local file disclosure by video upload on https://www.tube8.com/ to Pornhub - 53 upvotes, $500
  54. FogBugz import attachment full SSRF requiring vulnerability in *.fogbugz.com to GitLab - 51 upvotes, $0
  55. Get-based SSRF limited to HTTP protocol on https://resizer.line-apps.com/form to LINE - 50 upvotes, $1350
  56. SSRF - Unchecked Snippet IDs for distributed files to Open-Xchange - 49 upvotes, $1500
  57. SSRF in VCARD photo upload functionality to Open-Xchange - 49 upvotes, $850
  58. SSRF in hatchful.shopify.com to Shopify - 49 upvotes, $500
  59. BLIND SSRF ON http://jsgames.mail.ru via avaOp parameter to Mail.ru - 49 upvotes, $0
  60. Blind SSRF at https://chaturbate.com/notifications/update_push/ to Chaturbate - 48 upvotes, $1250
  61. [Kafka Connect] [JdbcSinkConnector][HttpSinkConnector] RCE by leveraging file upload via SQLite JDBC driver and SSRF to internal Jolokia to Aiven Ltd - 47 upvotes, $5000
  62. Internal SSRF bypass using slash commands at api.slack.com to Slack - 47 upvotes, $500
  63. Blind SSRF on platform.dash.cloudflare.com Due to Sentry misconfiguration to Cloudflare Public Bug Bounty - 47 upvotes, $0
  64. SMB SSRF in emblem editor exposes taketwo domain credentials, may lead to RCE to Rockstar Games - 46 upvotes, $1500
  65. Bypass of the SSRF protection in Event Subscriptions parameter. to Slack - 46 upvotes, $500
  66. SSRF By adding a custom integration on console.helium.com to Helium - 46 upvotes, $500
  67. SSRF in https://imgur.com/vidgif/url to Imgur - 46 upvotes, $0
  68. Blind SSRF External Interaction on https://mtngbissau.com/ to MTN Group - 45 upvotes, $0
  69. SSRF vulnerability can be exploited when a hijacked aggregated api server such as metrics-server returns 30X to Kubernetes - 44 upvotes, $1000
  70. SSRF to Mail.ru - 44 upvotes, $0
  71. SSRF to read AWS metaData at https://█████/ [HtUS] to U.S. Dept Of Defense - 43 upvotes, $1000
  72. SSRF - Blacklist bypass for mail account addition to Open-Xchange - 43 upvotes, $500
  73. SSRF in the application's image export functionality to Visma Public - 42 upvotes, $250
  74. connect.8x8.com: Blind SSRF via /api/v2/chats/image-check allows for Internal Ports scan to 8x8 Bounty - 42 upvotes, $0
  75. SSRF - Image Sources in HTML Snippets - 727234 bypass to Open-Xchange - 41 upvotes, $400
  76. Bypassing domain deny_list rule in Smokescreen via trailing dot leads to SSRF to Stripe - 39 upvotes, $1500
  77. SSRF in alerts.newrelic.com exposes entire internal network to New Relic - 39 upvotes, $0
  78. Server-Side Request Forgery (SSRF) in Ghost CMS to Node.js third-party modules - 39 upvotes, $0
  79. SSRF - Office Documents - Image URL to Open-Xchange - 37 upvotes, $450
  80. SSRF - URL Attachments - 725307 bypass to Open-Xchange - 37 upvotes, $400
  81. Blind SSRF on calendar.mail.ru during calendar import to Mail.ru - 36 upvotes, $0
  82. SSRF and local file disclosure by video upload on http://www.youporn.com/ to Pornhub - 35 upvotes, $500
  83. Grafana SSRF in grafana.instamart.ru to Mail.ru - 35 upvotes, $0
  84. MCS Graphite SSRF: internal network access to Mail.ru - 34 upvotes, $2500
  85. SSRF in Functional Administrative Support Tool pdf generator (████) [HtUS] to U.S. Dept Of Defense - 33 upvotes, $4000
  86. Injection of http.\<url\>.* git config settings leading to SSRF to GitLab - 33 upvotes, $3000
  87. SSRF at jira.plazius.ru - CVE-2019-8451 to Mail.ru - 33 upvotes, $1200
  88. Blind SSRF on [relap.io] to Mail.ru - 33 upvotes, $1000
  89. SSRF - RSS feed, blacklist bypass (301 re-direct) to Open-Xchange - 33 upvotes, $850
  90. FULL SSRF to Acronis - 33 upvotes, $0
  91. SSRF - RSS feed, blacklist bypass (IP Formatting) to Open-Xchange - 32 upvotes, $850
  92. SSRF in Search.gov via ?url= parameter to GSA Bounty - 32 upvotes, $150
  93. SSRF in https://www.zomato.com████ allows reading local files and website source code to Zomato - 31 upvotes, $0
  94. SSRF & Blind XSS in Gravatar email to Automattic - 30 upvotes, $0
  95. Blind SSRF at packagist.maximum.nl to Radancy - 30 upvotes, $0
  96. blind Server-Side Request Forgery (SSRF) allows scanning internal ports to Elastic - 30 upvotes, $0
  97. Blind SSRF in social-plugins.line.me to LINE - 29 upvotes, $100
  98. Open redirect bypass & SSRF Security Vulnerability to Smule - 29 upvotes, $0
  99. SSRF allows reading AWS EC2 metadata using "readapi" variable in Streamlabs Cloudbot to Logitech - 28 upvotes, $200
  100. Blind SSRF in "Integrations" by abusing a bug in Ruby's native resolver. to HackerOne - 28 upvotes, $0
  101. SSRF at ideas.starbucks.com to Starbucks - 28 upvotes, $0
  102. SSRF vulnerability on ██████████ leaks internal IP and various sensitive information to U.S. Dept Of Defense - 28 upvotes, $0
  103. SSRF on http://www.███████/crossdomain.php via url parameter to Sony - 27 upvotes, $0
  104. [data-07.uberinternal.com] SSRF in Portainer app lead to access to Internal Docker API without Auth to Uber - 26 upvotes, $500
  105. SSRF in notifications.server configuration to Phabricator - 26 upvotes, $300
  106. SSRF via potential filter bypass with too lax local domain checking to Nextcloud - 26 upvotes, $250
  107. SSRF via filter bypass due to lax checking on IPs to Nextcloud - 26 upvotes, $250
  108. SSRF in upload IMG through URL to Discourse - 26 upvotes, $64
  109. Blind SSRF [ Sentry Misconfiguration ] to Mail.ru - 25 upvotes, $0
  110. SSRF in imgur video GIF conversion to Imgur - 25 upvotes, $0
  111. GitLab's GitHub integration is vulnerable to SSRF vulnerability to GitLab - 24 upvotes, $2000
  112. Bypass for blind SSRF #281950 and #287496 to Infogram - 24 upvotes, $0
  113. Full read SSRF in flyte-poc-us-east4.uberinternal.com to Uber - 23 upvotes, $2000
  114. [Plazius] SSRF via a misconfigured Fiddler instance at 46.148.201.206:10121 to Mail.ru - 23 upvotes, $1200
  115. Non-production Open Database In Combination With XXE Leads To SSRF to Evernote - 23 upvotes, $0
  116. SSRF to Cloudflare Vulnerability Disclosure - 22 upvotes, $0
  117. [Uppy] Internal Server side request forgery (bypass of #786956) to Node.js third-party modules - 22 upvotes, $0
  118. SSRF vulnerability on proxy.duckduckgo.com (access to metadata server on AWS) to DuckDuckGo - 21 upvotes, $0
  119. SSRF on █████████ Allowing internal server data access to U.S. Dept Of Defense - 21 upvotes, $0
  120. SSRF & unrestricted file upload on https://my.stripo.email/ to Stripo Inc - 21 upvotes, $0
  121. ssrf xspa [https://prt.mail.ru/] 2 to Mail.ru - 21 upvotes, $0
  122. SSRF in /appsuite/api/autoconfig to Open-Xchange - 20 upvotes, $850
  123. Wordpress 4.7 - CSRF -> HTTP SSRF any private ip:port and basic-auth to WordPress - 20 upvotes, $0
  124. SSRF on jira.mariadb.org to MariaDB - 20 upvotes, $0
  125. Server Side Request Forgery in Uppy npm module to Node.js third-party modules - 20 upvotes, $0
  126. Blind HTTP GET SSRF via website icon fetch (bypass of pull#812) to Bitwarden - 20 upvotes, $0
  127. SSRF external interaction to Stripo Inc - 20 upvotes, $0
  128. SSRF for kube-apiserver cloudprovider scene to Kubernetes - 20 upvotes, $0
  129. Half-Blind SSRF found in kube/cloud-controller-manager can be upgraded to complete SSRF (fully crafted HTTP requests) in vendor managed k8s service. to Kubernetes - 19 upvotes, $5000
  130. Blind SSRF in ads.tiktok.com to TikTok - 19 upvotes, $150
  131. SSRF at iris.lystit.com to Lyst - 19 upvotes, $100
  132. Server side request forgery on image upload for lists to Instacart - 19 upvotes, $50
  133. Infrastructure - Photon - SSRF to WordPress - 19 upvotes, $0
  134. CRLF injection & SSRF in git:// protocol lead to arbitrary code execution to GitLab - 19 upvotes, $0
  135. SSRF to AWS file read to Topcoder - 19 upvotes, $0
  136. Server side request forgery (SSRF) on nextcloud implementation. to Nextcloud - 18 upvotes, $0
  137. Additional bypass allows SSRF for internal netblocks to HackerOne - 18 upvotes, $0
  138. SSRF protection bypass to Nextcloud - 17 upvotes, $100
  139. SSRF thru File Replace to Concrete CMS - 17 upvotes, $0
  140. SSRF On [ allods.mail.ru ] to Mail.ru - 17 upvotes, $0
  141. SSRF in img.lemlist.com that leads to Localhost Port Scanning to lemlist - 17 upvotes, $0
  142. Bypassing Whitelist to perform SSRF for internal host scanning to U.S. Department of State - 17 upvotes, $0
  143. Unauthenticated Blind SSRF at https://█████ via xmlrpc.php file to U.S. Dept Of Defense - 17 upvotes, $0
  144. [la.mail.ru] - SSRF + cookie theft to Mail.ru - 16 upvotes, $750
  145. Blind SSRF on sentry.dev-my.com due to Sentry misconfiguration to Mail.ru - 16 upvotes, $500
  146. SSRF vulnerability in gitlab.com via project import. to GitLab - 16 upvotes, $0
  147. Bypassing HTML filter in "Packing Slip Template" Lead to SSRF to Internal Kubernetes Endpoints to Shopify - 16 upvotes, $0
  148. SSRF in https://cards-dev.twitter.com/validator to Twitter - 15 upvotes, $0
  149. SSRF + RCE via FastCGI in POST /api/nr/video to Mail.ru - 15 upvotes, $0
  150. SSRF allows access to internal services like Ganglia to Dropbox - 14 upvotes, $729
  151. Potential SSRF in sales.mail.ru to Mail.ru - 14 upvotes, $300
  152. SSRF via webhook to Mixmax - 14 upvotes, $0
  153. SSRF in proxy.duckduckgo.com via the image_host parameter to DuckDuckGo - 14 upvotes, $0
  154. Blind SSRF in Ticketing Integrations Jira webhooks leading to internal network enumeration and blind HTTP requests to New Relic - 14 upvotes, $0
  155. SSRF on https://target.my.com/ to Mail.ru - 13 upvotes, $800
  156. Unauthenticated SSRF in 3rd party module "cerdic/csstidy" to Nextcloud - 13 upvotes, $250
  157. Blind SSRF on synthetics.newrelic.com to New Relic - 13 upvotes, $0
  158. Internal Ports Scanning via Blind SSRF to New Relic - 13 upvotes, $0
  159. SSRF issue in "URL target" allows [REDACTED] to Zendesk - 13 upvotes, $0
  160. SSRF protection bypass in /appsuite/api/oxodocumentfilter addfile action to Open-Xchange - 12 upvotes, $550
  161. SSRF In plantuml (on plantuml.pre.gitlab.com) to GitLab - 12 upvotes, $100
  162. SSRF on testing endpoint to APITest.IO - 12 upvotes, $0
  163. Golang : Improvements to Golang SSRF query to GitHub Security Lab - 12 upvotes, $0
  164. Blind SSRF on velodrome.canary.k8s.io to Kubernetes - 12 upvotes, $0
  165. SSRF bypass to Concrete CMS - 12 upvotes, $0
  166. SSRF into Shared Runner, by replacing dockerd with malicious server in Executor to GitLab - 11 upvotes, $2000
  167. Bypass of the SSRF protection (Slack commands, Phabricator integration) to Slack - 11 upvotes, $100
  168. SSRF and local file read in video to gif converter to Imgur - 11 upvotes, $0
  169. Internal Ports Scanning via Blind SSRF to Infogram - 11 upvotes, $0
  170. [et.mail.ru] ssrf 2 to Mail.ru - 11 upvotes, $0
  171. SSRF when importing a project from a git repo by URL to GitLab - 11 upvotes, $0
  172. H1514 Shopify API ruby SDK session setup lacks input validation, resulting in SSRF and leakage of client secret to Shopify - 11 upvotes, $0
  173. SSRF in Export template to ActiveCampaign to Stripo Inc - 11 upvotes, $0
  174. Server-Side Request Forgery in "icons.bitwarden.net" to Bitwarden - 11 upvotes, $0
  175. SSRF restricted to HTTP/HTML on LINE Social Plugins (https://social-plugins.line.me/) to LINE - 11 upvotes, $0
  176. Blind SSRF in /appsuite/api/oxodocumentfilter&action=addfile to Open-Xchange - 10 upvotes, $550
  177. SSRF on api.icq.net to Mail.ru - 10 upvotes, $500
  178. Server side request forgery to Mail.ru - 10 upvotes, $0
  179. [h1-415 2020] SSRF in a headless chrome with remote debugging leads to sensitive information leak to h1-ctf - 10 upvotes, $0
  180. SSRF vulnerability in app webhooks to Dropbox - 9 upvotes, $512
  181. SSRF (open) - via GET request to VK.com - 9 upvotes, $300
  182. Internal Ports Scanning via Blind SSRF (URL Redirection to beat filter) to Infogram - 9 upvotes, $0
  183. Server Side Request Forgery on JSON Feed to Infogram - 9 upvotes, $0
  184. SSRF vulnerability in gitlab.com webhook to GitLab - 9 upvotes, $0
  185. Blind SSRF on image proxy camo.stream.highwebmedia.com to Chaturbate - 9 upvotes, $0
  186. SSRF in ███████ to U.S. Dept Of Defense - 9 upvotes, $0
  187. Blind SSRF as normal user from mailapp to Nextcloud - 9 upvotes, $0
  188. Server-Side request forgery in New-Subscription feature of the calendar app to Nextcloud - 8 upvotes, $100
  189. SSRF occurrence in website preview used by LINE Official Account Manager (https://manager.line.biz) to LINE - 8 upvotes, $100
  190. Potential SSRF and disclosure of sensitive site on *shopifycloud.com to Shopify - 8 upvotes, $0
  191. SSRF on infawiki.informatica.com and infawikitest.informatica.com to Informatica - 8 upvotes, $0
  192. Server-Side Request Forgery (SSRF) to U.S. Dept Of Defense - 8 upvotes, $0
  193. SSRF in /cabinet/stripeapi/v1/siteInfoLookup?url=XXX to Stripo Inc - 8 upvotes, $0
  194. Blind SSRF on http://info.ucs.ru/settings/check/ to Mail.ru - 8 upvotes, $0
  195. Server Side Request Forgery in 'Jabber settings' in Admin Control Panel to phpBB - 8 upvotes, $0
  196. Mail app - blind SSRF via imapHost parameter to Nextcloud - 8 upvotes, $0
  197. SSRF in www.ucs.ru to Mail.ru - 7 upvotes, $250
  198. SSRF / Local file enumeration / DoS due to improper handling of certain file formats by ffmpeg to Imgur - 7 upvotes, $0
  199. Server Side Request Forgery In Video to GIF Functionality to Imgur - 7 upvotes, $0
  200. SSRF on synthetics.newrelic.com permitting access to sensitive data to New Relic - 7 upvotes, $0
  201. GET /api/v2/url_info endpoint is vulnerable to Blind SSRF to Automattic - 7 upvotes, $0
  202. [usuppliers.uber.com] - Server Side Request Forgery via XXE OOB to Uber - 7 upvotes, $0
  203. SSRF due to CVE-2021-26855 on ████████ to U.S. Dept Of Defense - 7 upvotes, $0
  204. Full read SSRF at █████████ [HtUS] to U.S. Dept Of Defense - 7 upvotes, $0
  205. Bypassing domain deny_list rule in Smokescreen via double brackets [[]] which leads to SSRF to Stripe - 7 upvotes, $0
  206. SSRF & XSS (W3 Total Cache) to Pornhub - 6 upvotes, $1000
  207. [Java] CWE-918: Added URLClassLoader and WebClient SSRF sinks to GitHub Security Lab - 6 upvotes, $1000
  208. SSRF in the Connector Designer (REST and Elastic Search) to Bime - 6 upvotes, $0
  209. Blind SSRF due to img tag injection in career form to Mixmax - 6 upvotes, $0
  210. Potential SSRF via Git repository URL to GitLab - 6 upvotes, $0
  211. SSRF on ████████ to U.S. Dept Of Defense - 6 upvotes, $0
  212. Blind SSRF at https://chat.makerdao.com/account/profile to BlockDev Sp. Z o.o - 6 upvotes, $0
  213. Server Side Request Forgery to Lark Technologies - 6 upvotes, $0
  214. Bypass of SSRF Vulnerability to Node.js third-party modules - 6 upvotes, $0
  215. Dropbox apps Server side request forgery to Dropbox - 5 upvotes, $0
  216. Server Side Request Forgery (SSRF) vulnerability in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  217. Possible SSRF at URL Parameter while creating a new package repository to GoCD - 5 upvotes, $0
  218. SSRF on local storage of iOS mobile to Nextcloud - 5 upvotes, $0
  219. Blind SSRF while Creating Templates to Stripo Inc - 5 upvotes, $0
  220. C# : Add query to detect Server Side Request Forgery to GitHub Security Lab - 5 upvotes, $0
  221. [Python]: Add Server-side Request Forgery sinks to GitHub Security Lab - 5 upvotes, $0
  222. Blind SSRF via image upload URL downloader on https://██████/ to U.S. Dept Of Defense - 5 upvotes, $0
  223. Mail app - Blind SSRF via Sieve server functionality and sieveHost parameter to Nextcloud - 5 upvotes, $0
  224. Mail app - blind SSRF via smtpHost parameter to Nextcloud - 5 upvotes, $0
  225. Blind SSRF in FogBugz project import to GitLab - 5 upvotes, $0
  226. [Java]: Add JDBC connection SSRF sinks to GitHub Security Lab - 4 upvotes, $1800
  227. SSRF via 'Add Image from URL' feature to Shopify - 4 upvotes, $500
  228. SSRF - Guard - Unchecked HKP servers to Open-Xchange - 4 upvotes, $400
  229. SSRF - Guard - Unchecked WKS servers to Open-Xchange - 4 upvotes, $400
  230. SSRF issue to Bime - 4 upvotes, $0
  231. WebLogic Server Side Request Forgery to U.S. Dept Of Defense - 4 upvotes, $0
  232. [Limited bypass of #793704] Blind SSRF in Ghost CMS to Node.js third-party modules - 4 upvotes, $0
  233. SSRF in my.stripo.email to Stripo Inc - 4 upvotes, $0
  234. SSRF via Export Service in ActiveCampaign to Stripo Inc - 4 upvotes, $0
  235. Java: Add SSRF query for Java to GitHub Security Lab - 4 upvotes, $0
  236. SSRF via maliciously crafted URL due to host confusion to curl - 4 upvotes, $0
  237. CVE-2021-26855 on ████████ resulting in SSRF to U.S. Dept Of Defense - 4 upvotes, $0
  238. Blind SSRF on infodesk.engelvoelkers.com via proxy.php to Engel & Völkers Technology GmbH - 4 upvotes, $0
  239. Local file disclosure through SSRF at next.nutanix.com to Nutanix - 4 upvotes, $0
  240. SSRF ACCESS AWS METADATA - █████ to U.S. Dept Of Defense - 4 upvotes, $0
  241. SSRF mitigation bypass using DNS Rebind attack to Concrete CMS - 4 upvotes, $0
  242. SSRF via 'Insert Image' feature of Products/Collections/Frontpage to Shopify - 3 upvotes, $500
  243. Yet another SSRF query for Go to GitHub Security Lab - 3 upvotes, $450
  244. Yet another SSRF query for Go to GitHub Security Lab - 3 upvotes, $450
  245. Yet another SSRF query for Go to GitHub Security Lab - 3 upvotes, $450
  246. connect.mail.ru: SSRF to Mail.ru - 3 upvotes, $300
  247. SSRF via Share bots to VK.com - 3 upvotes, $300
  248. Yet another SSRF query for Javascript to GitHub Security Lab - 3 upvotes, $250
  249. XXE and SSRF on webmaster.mail.ru to Mail.ru - 3 upvotes, $0
  250. SSRF on https://whitehataudit.slack.com/account/photo to Slack - 3 upvotes, $0
  251. Bypass of anti-SSRF defenses in YahooCacheSystem (affecting at least YQL and Pipes) to Yahoo! - 3 upvotes, $0
  252. Internal GET SSRF via CSRF with Press This scan feature to Automattic - 3 upvotes, $0
  253. SSRF at apps.nextcloud.com/developer/apps/releases/new to Nextcloud - 3 upvotes, $0
  254. https://████████ Impacted by DNN ImageHandler SSRF to U.S. Dept Of Defense - 3 upvotes, $0
  255. SSRF due to CVE-2021-27905 in www.████████ to U.S. Dept Of Defense - 3 upvotes, $0
  256. SSRF - pivoting in the private LAN to Concrete CMS - 3 upvotes, $0
  257. Yet another SSRF query for Go to GitHub Security Lab - 2 upvotes, $450
  258. SSRF vulnerability (access to metadata server on EC2 and OpenStack) to Phabricator - 2 upvotes, $300
  259. Yet another SSRF query for Javascript to GitHub Security Lab - 2 upvotes, $250
  260. Yet another SSRF query for Javascript to GitHub Security Lab - 2 upvotes, $250
  261. Yet another SSRF query for Javascript to GitHub Security Lab - 2 upvotes, $250
  262. SSRF (Portscan) via Register Function (Custom Server) to RelateIQ - 2 upvotes, $0
  263. Server Side Request Forgery in macro creation to Phabricator - 2 upvotes, $0
  264. SSRF via git Repo by URL Abuse to GitLab - 2 upvotes, $0
  265. SSRF in rompager-check to Hanno's projects - 2 upvotes, $0
  266. ssrf xspa [https://prt.mail.ru/] to Mail.ru - 2 upvotes, $0
  267. SSRF Possible through /wordpress/xmlrpc.php to Ian Dunn - 2 upvotes, $0
  268. [CVE-2022-35949]: undici.request vulnerable to SSRF using absolute / protocol-relative URL on pathname to Internet Bug Bounty - 2 upvotes, $0
  269. Server-side request forgery (ssrf) to Yelp - 2 upvotes, $0
  270. CodeQL query to detect SSRF in Python to GitHub Security Lab - 1 upvotes, $500
  271. SSRF on element.mail.ru to Mail.ru - 1 upvotes, $250
  272. Java: CWE-918 - Server Side Request Forgery (SSRF) to GitHub Security Lab - 1 upvotes, $250
  273. [allods.my.com] SSRF / XSPA to Mail.ru - 1 upvotes, $150
  274. Server Side Request Forgery to Yahoo! - 1 upvotes, $0
  275. Possible SSRF in email server settings(SMTP mode) to Nextcloud - 1 upvotes, $0
  276. SSRF leads to internal port scan to Stripo Inc - 1 upvotes, $0
  277. SSRF in login page using fetch API exposes victims IP address to attacker controled server to U.S. Dept Of Defense - 0 upvotes, $0