AllThingsSSRF
This is a collection of writeups, cheatsheets, and videos related to SSRF in one single location.
This is currently a work in progress; I will add more resources as I find them.
Created By @jdonsec
Learn What is SSRF
- Nahamsec/Daeken - OWNING THE CLOUT THROUGH SSRF AND PDF GENERATORS
- Orange Tsai A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
- SaN ThosH SSRF - Server Side Request Forgery (Types and ways to exploit it) Part-1
- SaN ThosH SSRF — Server Side Request Forgery (Types and ways to exploit it) Part-2
Writeups
- @albinowax Cracking the lens: targeting HTTP's hidden attack-surface [NEW Credit to @atul_hax]
- @leonmugen: SSRF Reading Local Files from DownNotifier server
- Exploiting SSRF like a Boss — Escalation of an SSRF to Local File Read!
- Day Labs: SSRF attack using Microsoft's bing webmaster central
- Elber Andre: SSRF Tips SSRF/XSPA in Microsoft’s Bing Webmaster Central
- Valeriy Shevchenko: SSRF Vulnerability due to Sentry misconfiguration
- Neeraj Sonaniya: Reading Internal Files using SSRF vulnerability
- Pratik yadav: Ssrf to Read Local Files and Abusing the AWS metadata
- Shorebreak Security: SSRF’s up! Real World Server-Side Request Forgery (SSRF)
- Deepak Holani: Server Side Request Forgery(SSRF){port issue hidden approch }
- Coen Goedegebure: How I got access to local AWS info via Jira
- Corben Leo: Hacking the Hackers: Leveraging an SSRF in HackerTarget
- Orange Tsai: How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!
- Peter Adkins: Pivoting from blind SSRF to RCE with HashiCorp Consul
- Maxime Leblanc: Server-Side Request Forgery (SSRF) Attacks - Part 1: The basics
- Maxime Leblanc: Server-Side Request Forgery (SSRF) Attacks — Part 2: Fun with IPv4 addresses
- Maxime Leblanc: Server-Side Request Forgery (SSRF) — Part 3: Other advanced techniques
- Maxime Leblanc: Privilege escalation in the Cloud: From SSRF to Global Account Administrator
- Asterisk Labs: Server-side request forgery in Sage MicrOpay ESP
- Alyssa Herrera: Piercing the Veil: Server Side Request Forgery to NIPRNet access
- Contribution by $root: Whomai - Harsh Jaiswal: Vimeo SSRF with code execution potential.
Hackerone Reports
- 302885 ImageMagick GIF coder vulnerability leading to memory disclosure
- 392859 Sending Emails from DNSDumpster - Server-Side Request Forgery to Internal SMTP Access
- 395521 SSRF vulnerability on proxy.duckduckgo.com (access to metadata server on AWS)
- 285380 www.threatcrowd.org - SSRF : AWS private key disclosure
- 508459 SSRF in webhooks leads to AWS private keys disclosure
- 398799 Jobert Abma (jobert): Unauthenticated blind SSRF in OAuth Jira authorization controller
- 341876 André Baptista (0xacb): SSRF in Exchange leads to ROOT access in all instances
- 374737 ruvlol (ruvlol): Blind SSRF on errors.hackerone.net due to Sentry misconfiguration
- 386292 Elb (elber): Bypass of the SSRF protection in Event Subscriptions parameter
- 411865 Robinooklay: Blind SSRF at https://chaturbate.com/notifications/update_push/
- 517461 Ninja: Blind SSRF/XSPA on dashboard.lob.com + blind code injection
- 263169 Tung Pun: New Relic - Internal Ports Scanning via Blind SSRF
- 280511 Suresh Narvaneni: Server Side Request Forgery on JSON Feed
- 281950 Tung Pun: Infogram - Internal Ports Scanning via Blind SSRF
- 288183 Dr.Jones: SSRF bypass for https://hackerone.com/reports/285380 (query AWS instance)
- 288537 e3xpl0it: Server Side Request Forgery protection bypass № 2
- 145524 paglababa: Server side request forgery (SSRF) on nextcloud implementation.
- 115857 Slim Shady: SSRF and local file read in video to gif converter
Videos/POC
- Black Hat: Viral Video - Exploiting SSRF in Video Converters
- Muhammad Junaid: Yahoo SSRF and Local File Disclosure via FFmpeg
- Muhammad Junaid: Flickr (Yahoo!) SSRF and Local File Disclosure
- Crazy Danish Hacker: Server-Side Request Forgery (SSRF) - Web Application Security Series #1
- Nahamsec: Owning the Clout through SSRF & PDF Generators - Defcon 27 - (SSRF on ads.snapchat.com)
- Tutorials Point (India) Pvt. Ltd: Penetration Testing - Server Side Request Forgery (SSRF)
- AppSec EU15 - Nicolas Gregoire - Server-Side Browsing Considered Harmful