Top SSRF reports from HackerOne:

  1. My Expense Report resulted in a Server-Side Request Forgery (SSRF) on Lyft to Lyft - 648 upvotes, $0
  2. SSRF in Exchange leads to ROOT access in all instances to Shopify - 538 upvotes, $0
  3. Server Side Request Forgery (SSRF) via Analytics Reports to HackerOne - 411 upvotes, $25000
  4. Server-Side Request Forgery using Javascript allows to exfil data from Google Metadata to Snapchat - 385 upvotes, $0
  5. Server Side Request Forgery (SSRF) at app.hellosign.com leads to AWS private keys disclosure to Dropbox - 360 upvotes, $4913
  6. SSRF & LFR via on city-mobil.ru to Mail.ru - 343 upvotes, $0
  7. SSRF on project import via the remote_attachment_url on a Note to GitLab - 341 upvotes, $10000
  8. Server Side Request Forgery mitigation bypass to GitLab - 333 upvotes, $0
  9. Full Response SSRF via Google Drive to Dropbox - 302 upvotes, $17576
  10. Blind SSRF to internal services in matrix preview_link API to Reddit - 298 upvotes, $6000
  11. SSRF on fleet.city-mobil.ru leads to local file read to Mail.ru - 272 upvotes, $0
  12. SSRF leaking internal google cloud data through upload function [SSH Keys, etc..] to Vimeo - 252 upvotes, $0
  13. Full read SSRF in www.evernote.com that can leak aws metadata and local file inclusion to Evernote - 246 upvotes, $0
  14. SSRF & LFR on city-mobil.ru to Mail.ru - 237 upvotes, $0
  15. Unsafe charts embedding implementation leads to cross-account stored XSS and SSRF to New Relic - 225 upvotes, $0
  16. Unauthenticated blind SSRF in OAuth Jira authorization controller to GitLab - 222 upvotes, $4000
  17. SSRF in graphQL query (pwapi.ex2b.com) to EXNESS - 221 upvotes, $3000
  18. Unauthenticated SSRF in jira.tochka.com leading to RCE in confluence.bank24.int to QIWI - 220 upvotes, $0
  19. Full Read SSRF on Gitlab's Internal Grafana to GitLab - 212 upvotes, $0
  20. SSRF in webhooks leads to AWS private keys disclosure to Omise - 194 upvotes, $0
  21. Stored XSS & SSRF in Lark Docs to Lark Technologies - 171 upvotes, $3000
  22. SSRF on duckduckgo.com/iu/ to DuckDuckGo - 158 upvotes, $0
  23. Server Side Request Forgery to Lark Technologies - 156 upvotes, $0
  24. External SSRF and Local File Read via video upload due to vulnerable FFmpeg HLS processing to TikTok - 144 upvotes, $2727
  25. SSRF chained to hit internal host leading to another SSRF which allows to read internal images. to PlayStation - 138 upvotes, $1000
  26. SSRF in clients.city-mobil.ru to Mail.ru - 132 upvotes, $1500
  27. Blind SSRF on errors.hackerone.net due to Sentry misconfiguration to HackerOne - 130 upvotes, $3500
  28. SSRF in filtering on relap.io to Mail.ru - 130 upvotes, $0
  29. SSRF on music.line.me through getXML.php to LY Corporation - 128 upvotes, $0
  30. SSRF In Get Video Contents to Semrush - 117 upvotes, $0
  31. Full read SSRF via Lark Docs import as docs feature to Lark Technologies - 114 upvotes, $5000
  32. XXE Injection through SVG image upload leads to SSRF to Zivver - 112 upvotes, $0
  33. SSRF in https://couriers.indrive.com/api/file-storage to inDrive - 104 upvotes, $2000
  34. Blind SSRF on https://my.exnessaffiliates.com/ allows for internal network enumeration to EXNESS - 103 upvotes, $0
  35. SSRF on image renderer to PlayStation - 98 upvotes, $1000
  36. [city-mobil.ru] SSRF & limited LFR on /taxiserv/photoeditor/save endpoint via base64 POST parameter to Mail.ru - 95 upvotes, $0
  37. SSRF via Office file thumbnails to Slack - 93 upvotes, $4000
  38. Blind SSRF in horizon-heat to Mail.ru - 91 upvotes, $2500
  39. Server Side Request Forgery (SSRF) in webhook functionality to HackerOne - 90 upvotes, $2500
  40. SSRF in api.slack.com, using slash commands and bypassing the protections. to Slack - 78 upvotes, $0
  41. SSRF and LFI in site-audit tool to Semrush - 77 upvotes, $0
  42. SSRF on https://qiwi.com using "Prerender HAR Capturer" to QIWI - 77 upvotes, $0
  43. Blind SSRF in emblem editor (2) to Rockstar Games - 73 upvotes, $1500
  44. LFI and SSRF via XXE in emblem editor to Rockstar Games - 71 upvotes, $1500
  45. SVG Server Side Request Forgery (SSRF) to Shopify - 70 upvotes, $500
  46. Sending Emails from DNSDumpster - Server-Side Request Forgery to Internal SMTP Access to Hacker Target - 69 upvotes, $0
  47. SSRF in CI after first run to GitLab - 69 upvotes, $0
  48. Blind SSRF on debug.nordvpn.com due to misconfigured sentry instance to Nord Security - 65 upvotes, $0
  49. GitLab::UrlBlocker validation bypass leading to full Server Side Request Forgery to GitLab - 63 upvotes, $0
  50. SSRF and local file disclosure by video upload on https://www.redtube.com/upload to Pornhub - 61 upvotes, $500
  51. [SSRF] Server-Side Request Forgery at https://sea-web.gold.razer.com/dev/simulator via notify_url Parameter to Razer - 60 upvotes, $2000
  52. Blind SSRF on https://labs.data.gov/dashboard/Campaign/json_status/ Endpoint to GSA Bounty - 59 upvotes, $300
  53. SSRF with information disclosure to Lark Technologies - 59 upvotes, $0
  54. SSRF and local file disclosure in https://wordpress.com/media/videos/ via FFmpeg HLS processing to Automattic - 58 upvotes, $0
  55. Libuv: Improper Domain Lookup that potentially leads to SSRF attacks to Internet Bug Bounty - 57 upvotes, $4860
  56. connect.8x8.com: Blind SSRF via /api/v2/chats/image-check allows for Internal Ports scan to 8x8 Bounty - 57 upvotes, $0
  57. [tanks.mail.ru] SSRF + cookie theft to Mail.ru - 55 upvotes, $750
  58. Blind SSRF in magnum upgrade_params to Mail.ru - 54 upvotes, $2500
  59. SSRF and local file disclosure by video upload on https://www.tube8.com/ to Pornhub - 53 upvotes, $500
  60. FogBugz import attachment full SSRF requiring vulnerability in *.fogbugz.com to GitLab - 52 upvotes, $0
  61. Get-based SSRF limited to HTTP protocol on https://resizer.line-apps.com/form to LY Corporation - 51 upvotes, $1350
  62. [Kafka Connect] [JdbcSinkConnector][HttpSinkConnector] RCE by leveraging file upload via SQLite JDBC driver and SSRF to internal Jolokia to Aiven Ltd - 50 upvotes, $5000
  63. SSRF - Unchecked Snippet IDs for distributed files to Open-Xchange - 49 upvotes, $1500
  64. SSRF in VCARD photo upload functionality to Open-Xchange - 49 upvotes, $850
  65. SSRF in hatchful.shopify.com to Shopify - 49 upvotes, $500
  66. Blind SSRF at https://chaturbate.com/notifications/update_push/ to Chaturbate - 49 upvotes, $0
  67. BLIND SSRF ON http://jsgames.mail.ru via avaOp parameter to Mail.ru - 49 upvotes, $0
  68. Blind SSRF External Interaction on ████████ to MTN Group - 49 upvotes, $0
  69. Blind SSRF on platform.dash.cloudflare.com Due to Sentry misconfiguration to Cloudflare Public Bug Bounty - 49 upvotes, $0
  70. SSRF By adding a custom integration on console.helium.com to Helium - 48 upvotes, $500
  71. Internal SSRF bypass using slash commands at api.slack.com to Slack - 47 upvotes, $500
  72. SMB SSRF in emblem editor exposes taketwo domain credentials, may lead to RCE to Rockstar Games - 46 upvotes, $1500
  73. SSRF to read AWS metaData at https://█████/ [HtUS] to U.S. Dept Of Defense - 46 upvotes, $1000
  74. SSRF vulnerability can be exploited when a hijacked aggregated api server such as metrics-server returns 30X to Kubernetes - 46 upvotes, $1000
  75. SSRF in https://imgur.com/vidgif/url to Imgur - 46 upvotes, $0
  76. Bypass of the SSRF protection in Event Subscriptions parameter. to Slack - 46 upvotes, $0
  77. SSRF to Mail.ru - 44 upvotes, $0
  78. SSRF - Blacklist bypass for mail account addition to Open-Xchange - 43 upvotes, $500
  79. SSRF in the application's image export functionality to Visma Public - 42 upvotes, $250
  80. Internal Blind Server-Side Request Forgery (SSRF) allows scanning internal ports to Mozilla - 42 upvotes, $0
  81. Bypassing domain deny_list rule in Smokescreen via trailing dot leads to SSRF to Stripe - 41 upvotes, $1500
  82. SSRF - Image Sources in HTML Snippets - 727234 bypass to Open-Xchange - 41 upvotes, $400
  83. SSRF in alerts.newrelic.com exposes entire internal network to New Relic - 39 upvotes, $0
  84. Server-Side Request Forgery (SSRF) in Ghost CMS to Node.js third-party modules - 39 upvotes, $0
  85. SSRF - Office Documents - Image URL to Open-Xchange - 37 upvotes, $450
  86. SSRF - URL Attachments - 725307 bypass to Open-Xchange - 37 upvotes, $400
  87. SSRF in Functional Administrative Support Tool pdf generator (████) [HtUS] to U.S. Dept Of Defense - 36 upvotes, $4000
  88. Blind SSRF on calendar.mail.ru during calendar import to Mail.ru - 36 upvotes, $0
  89. blind Server-Side Request Forgery (SSRF) allows scanning internal ports to Elastic - 36 upvotes, $0
  90. SSRF and local file disclosure by video upload on http://www.youporn.com/ to Pornhub - 35 upvotes, $500
  91. SSRF in Search.gov via ?url= parameter to GSA Bounty - 35 upvotes, $150
  92. Grafana SSRF in grafana.instamart.ru to Mail.ru - 35 upvotes, $0
  93. DNS pin middleware can be tricked into DNS rebinding allowing SSRF to Nextcloud - 35 upvotes, $0
  94. Injection of http.\<url\>.* git config settings leading to SSRF to GitLab - 34 upvotes, $3000
  95. MCS Graphite SSRF: internal network access to Mail.ru - 34 upvotes, $2500
  96. SSRF at jira.plazius.ru - CVE-2019-8451 to Mail.ru - 34 upvotes, $0
  97. FULL SSRF to Acronis - 34 upvotes, $0
  98. Blind SSRF in Mail App to Nextcloud - 34 upvotes, $0
  99. Blind SSRF on [relap.io] to Mail.ru - 33 upvotes, $1000
  100. SSRF - RSS feed, blacklist bypass (301 re-direct) to Open-Xchange - 33 upvotes, $850
  101. Blind SSRF at packagist.maximum.nl to Radancy - 33 upvotes, $0
  102. SSRF on http://www.███████/crossdomain.php via url parameter to Sony - 33 upvotes, $0
  103. SSRF - RSS feed, blacklist bypass (IP Formatting) to Open-Xchange - 32 upvotes, $850
  104. SSRF & Blind XSS in Gravatar email to Automattic - 32 upvotes, $0
  105. Blind SSRF in social-plugins.line.me to LY Corporation - 31 upvotes, $100
  106. SSRF in https://www.zomato.com████ allows reading local files and website source code to Zomato - 31 upvotes, $0
  107. SSRF via filter bypass due to lax checking on IPs to Nextcloud - 29 upvotes, $250
  108. SSRF allows reading AWS EC2 metadata using "readapi" variable in Streamlabs Cloudbot to Logitech - 29 upvotes, $200
  109. Open redirect bypass & SSRF Security Vulnerability to Smule - 29 upvotes, $0
  110. [data-07.uberinternal.com] SSRF in Portainer app lead to access to Internal Docker API without Auth to Uber - 28 upvotes, $500
  111. Blind SSRF in "Integrations" by abusing a bug in Ruby's native resolver. to HackerOne - 28 upvotes, $0
  112. SSRF at ideas.starbucks.com to Starbucks - 28 upvotes, $0
  113. SSRF vulnerability on ██████████ leaks internal IP and various sensitive information to U.S. Dept Of Defense - 28 upvotes, $0
  114. SSRF via potential filter bypass with too lax local domain checking to Nextcloud - 27 upvotes, $250
  115. SSRF in upload IMG through URL to Discourse - 27 upvotes, $64
  116. SSRF in notifications.server configuration to Phabricator - 26 upvotes, $300
  117. Full read SSRF in flyte-poc-us-east4.uberinternal.com to Uber - 25 upvotes, $2000
  118. Blind SSRF [ Sentry Misconfiguration ] to Mail.ru - 25 upvotes, $0
  119. SSRF in imgur video GIF conversion to Imgur - 25 upvotes, $0
  120. GitLab's GitHub integration is vulnerable to SSRF vulnerability to GitLab - 24 upvotes, $2000
  121. Bypass for blind SSRF #281950 and #287496 to Infogram - 24 upvotes, $0
  122. Non-production Open Database In Combination With XXE Leads To SSRF to Evernote - 23 upvotes, $0
  123. [Plazius] SSRF via a misconfigured Fiddler instance at 46.148.201.206:10121 to Mail.ru - 23 upvotes, $0
  124. SSRF to AWS file read to Topcoder - 23 upvotes, $0
  125. SSRF to Cloudflare Vulnerability Disclosure - 22 upvotes, $0
  126. SSRF vulnerability on proxy.duckduckgo.com (access to metadata server on AWS) to DuckDuckGo - 22 upvotes, $0
  127. [Uppy] Internal Server side request forgery (bypass of #786956) to Node.js third-party modules - 22 upvotes, $0
  128. Unauthenticated Blind SSRF at https://█████ via xmlrpc.php file to U.S. Dept Of Defense - 22 upvotes, $0
  129. ssrf xspa [https://prt.mail.ru/] 2 to Mail.ru - 21 upvotes, $150
  130. SSRF on █████████ Allowing internal server data access to U.S. Dept Of Defense - 21 upvotes, $0
  131. SSRF & unrestricted file upload on https://my.stripo.email/ to Stripo Inc - 21 upvotes, $0
  132. Server Side Request Forgery in Uppy npm module to Node.js third-party modules - 21 upvotes, $0
  133. SSRF for kube-apiserver cloudprovider scene to Kubernetes - 21 upvotes, $0
  134. SSRF in /appsuite/api/autoconfig to Open-Xchange - 20 upvotes, $850
  135. Wordpress 4.7 - CSRF -> HTTP SSRF any private ip:port and basic-auth to WordPress - 20 upvotes, $0
  136. SSRF on jira.mariadb.org to MariaDB - 20 upvotes, $0
  137. Blind HTTP GET SSRF via website icon fetch (bypass of pull#812) to Bitwarden - 20 upvotes, $0
  138. SSRF external interaction to Stripo Inc - 20 upvotes, $0
  139. Half-Blind SSRF found in kube/cloud-controller-manager can be upgraded to complete SSRF (fully crafted HTTP requests) in vendor managed k8s service. to Kubernetes - 19 upvotes, $5000
  140. Server side request forgery on image upload for lists to Instacart - 19 upvotes, $50
  141. Infrastructure - Photon - SSRF to WordPress - 19 upvotes, $0
  142. SSRF at iris.lystit.com to Lyst - 19 upvotes, $0
  143. CRLF injection & SSRF in git:// protocol lead to arbitrary code execution to GitLab - 19 upvotes, $0
  144. Blind SSRF in ads.tiktok.com to TikTok - 19 upvotes, $0
  145. Bypassing Whitelist to perform SSRF for internal host scanning to U.S. Department of State - 19 upvotes, $0
  146. Server side request forgery (SSRF) on nextcloud implementation. to Nextcloud - 18 upvotes, $0
  147. Additional bypass allows SSRF for internal netblocks to HackerOne - 18 upvotes, $0
  148. Bypassing HTML filter in "Packing Slip Template" Lead to SSRF to Internal Kubernetes Endpoints to Shopify - 18 upvotes, $0
  149. Blind SSRF on sentry.dev-my.com due to Sentry misconfiguration to Mail.ru - 17 upvotes, $500
  150. SSRF protection bypass to Nextcloud - 17 upvotes, $100
  151. SSRF vulnerability in gitlab.com via project import. to GitLab - 17 upvotes, $0
  152. SSRF thru File Replace to Concrete CMS - 17 upvotes, $0
  153. SSRF On [ allods.mail.ru ] to Mail.ru - 17 upvotes, $0
  154. SSRF in img.lemlist.com that leads to Localhost Port Scanning to lemlist - 17 upvotes, $0
  155. [la.mail.ru] - SSRF + cookie theft to Mail.ru - 16 upvotes, $750
  156. SSRF + RCE via FastCGI in POST /api/nr/video to Mail.ru - 16 upvotes, $0
  157. Potential SSRF in sales.mail.ru to Mail.ru - 15 upvotes, $300
  158. Unauthenticated SSRF in 3rd party module "cerdic/csstidy" to Nextcloud - 15 upvotes, $250
  159. SSRF in https://cards-dev.twitter.com/validator to X (Formerly Twitter) - 15 upvotes, $0
  160. SSRF on https://target.my.com/ to Mail.ru - 14 upvotes, $800
  161. SSRF allows access to internal services like Ganglia to Dropbox - 14 upvotes, $729
  162. SSRF via webhook to Mixmax - 14 upvotes, $0
  163. SSRF issue in "URL target" allows [REDACTED] to Zendesk - 14 upvotes, $0
  164. SSRF in proxy.duckduckgo.com via the image_host parameter to DuckDuckGo - 14 upvotes, $0
  165. Blind SSRF in Ticketing Integrations Jira webhooks leading to internal network enumeration and blind HTTP requests to New Relic - 14 upvotes, $0
  166. Blind SSRF on synthetics.newrelic.com to New Relic - 13 upvotes, $0
  167. Internal Ports Scanning via Blind SSRF to New Relic - 13 upvotes, $0
  168. SSRF restricted to HTTP/HTML on LINE Social Plugins (https://social-plugins.line.me/) to LY Corporation - 13 upvotes, $0
  169. Blind SSRF as normal user from mailapp to Nextcloud - 13 upvotes, $0
  170. SSRF protection bypass in /appsuite/api/oxodocumentfilter addfile action to Open-Xchange - 12 upvotes, $550
  171. Bypass of the SSRF protection (Slack commands, Phabricator integration) to Slack - 12 upvotes, $100
  172. SSRF on testing endpoint to APITest.IO - 12 upvotes, $0
  173. Server-Side Request Forgery in "icons.bitwarden.net" to Bitwarden - 12 upvotes, $0
  174. Golang : Improvements to Golang SSRF query to GitHub Security Lab - 12 upvotes, $0
  175. SSRF In plantuml (on plantuml.pre.gitlab.com) to GitLab - 12 upvotes, $0
  176. Blind SSRF on velodrome.canary.k8s.io to Kubernetes - 12 upvotes, $0
  177. SSRF bypass to Concrete CMS - 12 upvotes, $0
  178. SSRF and local file read in video to gif converter to Imgur - 11 upvotes, $0
  179. Internal Ports Scanning via Blind SSRF to Infogram - 11 upvotes, $0
  180. [et.mail.ru] ssrf 2 to Mail.ru - 11 upvotes, $0
  181. SSRF when importing a project from a git repo by URL to GitLab - 11 upvotes, $0
  182. H1514 Shopify API ruby SDK session setup lacks input validation, resulting in SSRF and leakage of client secret to Shopify - 11 upvotes, $0
  183. SSRF in Export template to ActiveCampaign to Stripo Inc - 11 upvotes, $0
  184. SSRF into Shared Runner, by replacing dockerd with malicious server in Executor to GitLab - 11 upvotes, $0
  185. Responsive Server-side Request Forgery (SSRF) to Nextcloud - 11 upvotes, $0
  186. Blind SSRF in /appsuite/api/oxodocumentfilter&action=addfile to Open-Xchange - 10 upvotes, $550
  187. SSRF on api.icq.net to Mail.ru - 10 upvotes, $500
  188. Server side request forgery to Mail.ru - 10 upvotes, $0
  189. [h1-415 2020] SSRF in a headless chrome with remote debugging leads to sensible information leak to h1-ctf - 10 upvotes, $0
  190. SSRF vulnerability in app webhooks to Dropbox - 9 upvotes, $512
  191. Server-Side request forgery in New-Subscription feature of the calendar app to Nextcloud - 9 upvotes, $100
  192. SSRF occurrence in website preview used by LINE Official Account Manager (https://manager.line.biz) to LY Corporation - 9 upvotes, $100
  193. SSRF (open) - via GET request to VK.com - 9 upvotes, $0
  194. Internal Ports Scanning via Blind SSRF (URL Redirection to beat filter) to Infogram - 9 upvotes, $0
  195. Server Side Request Forgery on JSON Feed to Infogram - 9 upvotes, $0
  196. SSRF vulnerability in gitlab.com webhook to GitLab - 9 upvotes, $0
  197. Blind SSRF on image proxy camo.stream.highwebmedia.com to Chaturbate - 9 upvotes, $0
  198. SSRF in ███████ to U.S. Dept Of Defense - 9 upvotes, $0
  199. Bypassing domain deny_list rule in Smokescreen via double brackets [[]] which leads to SSRF to Stripe - 9 upvotes, $0
  200. Mail app - blind SSRF via imapHost parameter to Nextcloud - 9 upvotes, $0
  201. Server Side Request Forgery In Video to GIF Functionality to Imgur - 8 upvotes, $0
  202. Potential SSRF and disclosure of sensitive site on *shopifycloud.com to Shopify - 8 upvotes, $0
  203. SSRF on infawiki.informatica.com and infawikitest.informatica.com to Informatica - 8 upvotes, $0
  204. Server-Side Request Forgery (SSRF) to U.S. Dept Of Defense - 8 upvotes, $0
  205. SSRF in /cabinet/stripeapi/v1/siteInfoLookup?url=XXX to Stripo Inc - 8 upvotes, $0
  206. Blind SSRF on http://info.ucs.ru/settings/check/ to Mail.ru - 8 upvotes, $0
  207. Server Side Request Forgery in 'Jabber settings' in Admin Control Panel to phpBB - 8 upvotes, $0
  208. [usuppliers.uber.com] - Server Side Request Forgery via XXE OOB to Uber - 8 upvotes, $0
  209. Full read SSRF at █████████ [HtUS] to U.S. Dept Of Defense - 8 upvotes, $0
  210. SSRF & XSS (W3 Total Cache) to Pornhub - 7 upvotes, $1000
  211. SSRF / Local file enumeration / DoS due to improper handling of certain file formats by ffmpeg to Imgur - 7 upvotes, $0
  212. SSRF on synthetics.newrelic.com permitting access to sensitive data to New Relic - 7 upvotes, $0
  213. GET /api/v2/url_info endpoint is vulnerable to Blind SSRF to Automattic - 7 upvotes, $0
  214. SSRF in www.ucs.ru to Mail.ru - 7 upvotes, $0
  215. Server Side Request Forgery to Lark Technologies - 7 upvotes, $0
  216. SSRF due to CVE-2021-26855 on ████████ to U.S. Dept Of Defense - 7 upvotes, $0
  217. Blind SSRF via image upload URL downloader on https://██████/ to U.S. Dept Of Defense - 7 upvotes, $0
  218. Mail app - Blind SSRF via Sieve server functionality and sieveHost parameter to Nextcloud - 7 upvotes, $0
  219. Mail app - blind SSRF via smtpHost parameter to Nextcloud - 7 upvotes, $0
  220. Blind SSRF in FogBugz project import to GitLab - 7 upvotes, $0
  221. SSRF in the Connector Designer (REST and Elastic Search) to Bime - 6 upvotes, $0
  222. Blind SSRF due to img tag injection in career form to Mixmax - 6 upvotes, $0
  223. Potential SSRF via Git repository URL to GitLab - 6 upvotes, $0
  224. SSRF on ████████ to U.S. Dept Of Defense - 6 upvotes, $0
  225. Blind SSRF at https://chat.makerdao.com/account/profile to BlockDev Sp. Z o.o - 6 upvotes, $0
  226. Bypass of SSRF Vulnerability to Node.js third-party modules - 6 upvotes, $0
  227. [Java] CWE-918: Added URLClassLoader and WebClient SSRF sinks to GitHub Security Lab - 6 upvotes, $0
  228. [Python]: Add Server-side Request Forgery sinks to GitHub Security Lab - 6 upvotes, $0
  229. Local file disclosure through SSRF at next.nutanix.com to Nutanix - 6 upvotes, $0
  230. SSRF mitigation bypass using DNS Rebind attack to Concrete CMS - 6 upvotes, $0
  231. SSRF via 'Add Image from URL' feature to Shopify - 5 upvotes, $0
  232. Dropbox apps Server side request forgery to Dropbox - 5 upvotes, $0
  233. Server Side Request Forgery (SSRF) vulnerability in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  234. Possible SSRF at URL Parameter while creating a new package repository to GoCD - 5 upvotes, $0
  235. SSRF on local storage of iOS mobile to Nextcloud - 5 upvotes, $0
  236. Blind SSRF while Creating Templates to Stripo Inc - 5 upvotes, $0
  237. C# : Add query to detect Server Side Request Forgery to GitHub Security Lab - 5 upvotes, $0
  238. [Java]: Add JDBC connection SSRF sinks to GitHub Security Lab - 5 upvotes, $0
  239. SSRF ACCESS AWS METADATA - █████ to U.S. Dept Of Defense - 5 upvotes, $0
  240. Yet another SSRF query for Go to GitHub Security Lab - 4 upvotes, $450
  241. Yet another SSRF query for Go to GitHub Security Lab - 4 upvotes, $450
  242. SSRF - Guard - Unchecked HKP servers to Open-Xchange - 4 upvotes, $400
  243. SSRF - Guard - Unchecked WKS servers to Open-Xchange - 4 upvotes, $400
  244. SSRF vulnerability (access to metadata server on EC2 and OpenStack) to Phabricator - 4 upvotes, $300
  245. connect.mail.ru: SSRF to Mail.ru - 4 upvotes, $300
  246. Yet another SSRF query for Javascript to GitHub Security Lab - 4 upvotes, $250
  247. XXE and SSRF on webmaster.mail.ru to Mail.ru - 4 upvotes, $0
  248. SSRF on https://whitehataudit.slack.com/account/photo to Slack - 4 upvotes, $0
  249. Bypass of anti-SSRF defenses in YahooCacheSystem (affecting at least YQL and Pipes) to Yahoo! - 4 upvotes, $0
  250. SSRF via 'Insert Image' feature of Products/Collections/Frontpage to Shopify - 4 upvotes, $0
  251. SSRF issue to Bime - 4 upvotes, $0
  252. WebLogic Server Side Request Forgery to U.S. Dept Of Defense - 4 upvotes, $0
  253. [Limited bypass of #793704] Blind SSRF in Ghost CMS to Node.js third-party modules - 4 upvotes, $0
  254. SSRF in my.stripo.email to Stripo Inc - 4 upvotes, $0
  255. SSRF via Export Service in ActiveCampaign to Stripo Inc - 4 upvotes, $0
  256. Java: Add SSRF query for Java to GitHub Security Lab - 4 upvotes, $0
  257. SSRF via maliciously crafted URL due to host confusion to curl - 4 upvotes, $0
  258. CVE-2021-26855 on ████████ resulting in SSRF to U.S. Dept Of Defense - 4 upvotes, $0
  259. Blind SSRF on infodesk.engelvoelkers.com via proxy.php to Engel & Völkers Technology GmbH - 4 upvotes, $0
  260. Yet another SSRF query for Go to GitHub Security Lab - 4 upvotes, $0
  261. SSRF due to CVE-2021-27905 in www.████████ to U.S. Dept Of Defense - 4 upvotes, $0
  262. SSRF - pivoting in the private LAN to Concrete CMS - 4 upvotes, $0
  263. SSRF via Share bots to VK.com - 3 upvotes, $300
  264. Yet another SSRF query for Javascript to GitHub Security Lab - 3 upvotes, $250
  265. SSRF (Portscan) via Register Function (Custom Server) to RelateIQ - 3 upvotes, $0
  266. Server Side Request Forgery in macro creation to Phabricator - 3 upvotes, $0
  267. Internal GET SSRF via CSRF with Press This scan feature to Automattic - 3 upvotes, $0
  268. SSRF at apps.nextcloud.com/developer/apps/releases/new to Nextcloud - 3 upvotes, $0
  269. https://████████ Impacted by DNN ImageHandler SSRF to U.S. Dept Of Defense - 3 upvotes, $0
  270. Yet another SSRF query for Javascript to GitHub Security Lab - 3 upvotes, $0
  271. Yet another SSRF query for Go to GitHub Security Lab - 3 upvotes, $0
  272. Yet another SSRF query for Javascript to GitHub Security Lab - 3 upvotes, $0
  273. [CVE-2022-35949]: undici.request vulnerable to SSRF using absolute / protocol-relative URL on pathname to Internet Bug Bounty - 3 upvotes, $0
  274. Server-side request forgery (ssrf) to Yelp - 3 upvotes, $0
  275. ssrf xspa [https://prt.mail.ru/] to Mail.ru - 2 upvotes, $150
  276. Server Side Request Forgery to Yahoo! - 2 upvotes, $0
  277. SSRF via git Repo by URL Abuse to GitLab - 2 upvotes, $0
  278. SSRF in rompager-check to Hanno's projects - 2 upvotes, $0
  279. SSRF Possible through /wordpress/xmlrpc.php to Ian Dunn - 2 upvotes, $0
  280. SSRF in login page using fetch API exposes victim's IP address to attacker-controlled server to U.S. Dept Of Defense - 2 upvotes, $0
  281. CodeQL query to detect SSRF in Python to GitHub Security Lab - 1 upvotes, $500
  282. Java: CWE-918 - Server Side Request Forgery (SSRF) to GitHub Security Lab - 1 upvotes, $250
  283. [allods.my.com] SSRF / XSPA to Mail.ru - 1 upvotes, $150
  284. SSRF на element.mail.ru to Mail.ru - 1 upvotes, $0
  285. Possible SSRF in email server settings(SMTP mode) to Nextcloud - 1 upvotes, $0
  286. SSRF leads to internal port scan to Stripo Inc - 1 upvotes, $0