See-SURF - #Python Based #Scanner To Find Potential #SSRF Parameters: https://amp.kitploit.com/2020/01/see-surf-python-based-scanner-to-find.html?amp=1&m=1 … -
"Mitigation can be difficult, but the best solutions depend on a variety of controls to help prevent issues from known and unknown SSRF vulnerabilities" Dan Ritter looks into the many faces of Server-Side Request Forgery (#SSRF) in his latest article -> http://getsec.in/ssrf -
Damn, that's some great info on #SSRF, thanks @Serial_Pwny_Sec -
Prediction: #ssrf will make top 5 in the next #OWASPtop10 https://twitter.com/rootxharsh/status/1222349941781057538 …
-
#SSRF Write-ups https://ngailong.wordpress.com/2019/12/19/google-vrp-ssrf-in-google-cloud-platform-stackdriver … https://link.medium.com/yGqiCKIoA2 https://link.medium.com/zxEYgRFOX2 https://geleta.eu/2019/my-first-ssrf-using-dns-rebinfing/ … https://jin0ne.blogspot.com/2019/11/bugbounty-simple-ssrf.html … https://link.medium.com/CU6NUXOOX2 #bugbounty, #bugbountytips -
Published a short blogpost about how the introduction of #IMDSv2 affects #SSRF attempts on #AWS #EC2 instances, especially when attempting to retrieve #metadata information. https://blog.appsecco.com/server-side-request-forgery-ssrf-and-aws-ec2-instances-after-instance-meta-data-service-version-38fc1ba1a28a … #reInvent2019 #cloudsecurity #owasp cc: @appseccouk -
Just exploited an #SSRF issue to access #elasticsearch (juicy) data; some useful resources in case of need: https://gist.github.com/jhaddix/78cece26c91c6263653f31ba453e273b … / https://medium.com/@bromiley/exploiting-elasticsearch-c83825708ce1 … / https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster.html … #Pentesting -
#SSRF bypass: if the WAF blocks the exact string file:///etc/passwd, try file:///etc/./passwd #BugBounty -
#Bug_Bounty_Tip #SSRF Aside from the old tricks to bypass 127.0.0.1 being blacklisted (i.e. 127.1, ::80, an A record pointing to localhost, etc.), I have learned that INET_A(P)TON would consider any IP within the range 127.0.0.1/8 the same as localhost, i.e. ~# curl 127.4.142.123 -
And some of you know my "simple-oob-scanner" tool, which I used to find some #SSRF on Starbucks and other resources. My private tool for this was also released some minutes ago: https://github.com/Damian89/extended-ssrf-search … #bugbountytips #pentest #hackerone -
Pown-Duct - Essential Tool For Finding Blind Injection Attacks http://j.mp/2YagdZA #InjectionAttacks #Linux #PownDuct #Resolver #SSRF
-
#BugBounty #bugbounties #bugbountytip #infosec Bypass #SSRF filters by using http://127.1 instead of http://127.0.0.1. It resolves to the same address but confuses filters that block localhost/127.0.0.1 specifically! -
One more of my series "SSRF Tips" #SSRF #BugBounty #bugbountytip #bugbountytips https://medium.com/@elberandre/ssrf-trick-ssrf-xspa-in-microsofts-bing-webmaster-central-8015b5d487fb … -
Did you find the #SSRF, but http://169.254.169.254/ is blacklisted? #protip try http://0xA9FEA9FE/, http://0251.0376.0251.0376/ or get more examples from @agarri_fr's talk https://www.youtube.com/watch?v=TrBUrVDlc20&feature=youtu.be&t=27m55s … -
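The tips above (127.1, the whole 127.0.0.0/8 range, the hex and octal spellings of 169.254.169.254, and file:///etc/./passwd) all defeat filters that compare the attacker's spelling instead of the destination. As an added illustration that is not part of any of the tweets, talks or tools linked here, the Python below reimplements the permissive parsing rules of BSD/glibc inet_aton() to show why those spellings collapse to the same address, and puts a string-matching filter next to a hardened one that allowlists the scheme, canonicalises the host and path, and rejects internal destinations. The blocklist contents, function names and target URLs are constructed for the example.

```python
import ipaddress
import posixpath
import socket
from urllib.parse import urlsplit

# Literal-string blocklist of the kind the tips above bypass (constructed for this example).
NAIVE_BLOCKLIST = {"127.0.0.1", "localhost", "169.254.169.254", "file:///etc/passwd"}
ALLOWED_SCHEMES = {"http", "https"}


def naive_is_blocked(url: str) -> bool:
    """Compares spellings, not destinations: 127.1, 0xA9FEA9FE, 0251.0376.0251.0376
    and file:///etc/./passwd all slip through."""
    host = urlsplit(url).hostname or ""
    return url in NAIVE_BLOCKLIST or host in NAIVE_BLOCKLIST


def _parse_part(part: str) -> int:
    """One dotted component under inet_aton() rules: 0x.. is hex, a leading 0 is octal."""
    if not (part and part.isascii() and part.isalnum()):
        raise ValueError(part)
    if part[:2].lower() == "0x":
        return int(part[2:], 16) if len(part) > 2 else 0
    if len(part) > 1 and part[0] == "0":
        return int(part, 8)
    return int(part, 10)


def inet_aton_compat(text: str):
    """32-bit value of an IPv4 literal as BSD/glibc inet_aton() parses it, else None.
    One to four parts are allowed and the last part fills all remaining bytes, which
    is why '127.1' is 127.0.0.1 and a bare '0xA9FEA9FE' is 169.254.169.254."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        values = [_parse_part(p) for p in parts]
    except ValueError:
        return None
    if any(v > 0xFF for v in values[:-1]):
        return None
    tail_bytes = 4 - (len(values) - 1)
    if values[-1] >= 1 << (8 * tail_bytes):
        return None
    addr = 0
    for v in values[:-1]:
        addr = (addr << 8) | v
    return (addr << (8 * tail_bytes)) | values[-1]


def host_addresses(host: str):
    """Every IP the host can reach: a literal via inet_aton rules, otherwise resolved."""
    packed = inet_aton_compat(host)
    if packed is not None:
        return [ipaddress.IPv4Address(packed)]
    try:
        infos = socket.getaddrinfo(host, None)  # hostnames and IPv6 literals such as ::1
    except socket.gaierror:
        return []
    addrs = []
    for info in infos:
        addr = ipaddress.ip_address(info[4][0])
        if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
            addr = addr.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
        addrs.append(addr)
    return addrs


def is_internal_address(addr) -> bool:
    """Loopback (all of 127/8), RFC 1918, link-local (169.254/16, i.e. the cloud metadata
    endpoint), reserved, multicast and 0.0.0.0 (which connects to localhost on Linux)."""
    return (addr.is_loopback or addr.is_private or addr.is_link_local
            or addr.is_reserved or addr.is_multicast or addr.is_unspecified)


def canonical_path(url: str) -> str:
    """URL path with '.' and '..' segments collapsed, so a path-based rule sees
    file:///etc/./passwd and file:///etc/../etc/passwd as /etc/passwd."""
    return posixpath.normpath(urlsplit(url).path)


def hardened_is_blocked(url: str) -> bool:
    """Decide on the canonical destination: allowlist the scheme, parse the host the way
    the network stack will, and reject anything that lands on an internal address."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return True  # file://, gopher://, dict:// etc. are never legitimate fetch targets here
    addrs = host_addresses(parts.hostname or "")
    if not addrs:
        return True  # fail closed on empty or unresolvable hosts
    return any(is_internal_address(a) for a in addrs)


if __name__ == "__main__":
    for target in ("http://127.1/", "http://0xA9FEA9FE/latest/meta-data/",
                   "http://0251.0376.0251.0376/", "http://127.4.142.123/",
                   "file:///etc/./passwd", "http://93.184.216.34/"):
        print(f"{target:42} naive={naive_is_blocked(target)!s:5} hardened={hardened_is_blocked(target)}")
```

Even the hardened check is only as good as the moment it runs: the DNS rebinding write-up linked above works because the filter resolves a hostname once and the HTTP client resolves it again a moment later. Connect to the address you validated (and re-check on every redirect hop) rather than re-resolving, and prefer an allowlist of expected hosts wherever the feature permits it.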
Automatic SSRF fuzzer and exploitation tool https://github.com/swisskyrepo/SSRFmap … #ssrf #BugBounty -
#SSRF @Burp_Suite extension is almost done. @pentest_swissky your modules are awesome man, I've used them
-
I just published: $1,000 SSRF in Slack #bugbounty #ssrf #hackerone https://link.medium.com/OuzMUwbgnU