Tag feed

#ssrf

39 posts6 followers

Trending tags this week

🔪 The AWS Autopsy | Case #01 — SSRF to IAM Credential Theft - Capital-One

May 6 · 10 min read · How One Misconfigured WAF Cost Capital One $80 Million Series: The AWS Autopsy — Real Cloud Breaches, Dissected Difficulty: Intermediate Lab Time: ~45 minutes AWS Cost: Near zero (t2.micro — free tie

Join discussion

JJebitoksharonjebitok.com

0

Plant Photographer (TryHackMe)

May 6 · 14 min read · Plant Photographer is a TryHackMe challenge built around a botanist's personal portfolio website running on Werkzeug/Python. The box covers three main vulnerability classes: SSRF (Server-Side Request

Join discussion

KEkingsley ebube onohkingsleyonoh.hashnode.dev

0

I Spent a Week Securing Webhook Ingestion. The Real Attack Surface Was Delivery.

Apr 18 · 7 min read · I ran the security review two weeks after the first deployment. The ingestion side looked solid: HMAC signature verification using crypto.timingSafeEqual, rate limiting at 1,000 requests per minute, payload size capped at 1MB, idempotency deduplicati...

Join discussion

EEibeib.hashnode.dev

0

Crafting a Full Read SSRF: A Journey Through Oauth DCR, Open URL Redirects, and Path Normalization

Apr 6 · 8 min read · The Bug This blog post outlines the chains of multiple gadgets to achieve a full read ssrf on a target. Open Dynamic client registration on the MCP server to create an open redirect gadget Path norm

Join discussion

JJebitoksharonjebitok.com

0

Message to Garcia (TryHackMe)

Mar 7 · 12 min read · Introduction In 1899, Elbert Hubbard wrote a short essay that would outlive him by over a century. It told the story of Lt. Andrew Rowan, a soldier given one mission: deliver a message to General Garc

Join discussion

EEibeib.hashnode.dev

0

Full Read SSRF in a PDF generation feature to read data from Internal domains

Feb 7 · 6 min read · The Bug The bug is a server-side request forgery vulnerability in a PDF generation feature that enabled me to read data from internal domains that are not publicly reachable The Journey I’ve been working on this application for three months now, and ...

Join discussion

ASAmirmohammad Safariblog.voorivex.team

0

Shaking the MCP Tree: A Security Deep Dive

Feb 3 · 14 min read · AI is moving fast. Companies are racing to connect their services to AI assistants, shipping integrations as quickly as possible to stay ahead. But when speed is the priority, security often gets left behind. In this post, I'll show you what happens ...

Join discussion

JJebitoksharonjebitok.com

0

Surfer - SSRF (TryHackMe)

Jan 30 · 4 min read · Introduction: Web app with hidden internal pages. The challenge mentions an SSRF vulnerability. Goal: Access restricted admin functionality. What You Did: Login with default creds (admin/admin) Found export2pdf.php endpoint that accepts URLs Explo...

Join discussion

BBBold BI by Syncfusionboldbi.hashnode.dev

0

Bolstering Security: Configuring Domains to Ward Off SSRF

Jan 28 · 4 min read · In today’s interconnected digital landscape, web application security is paramountly important. Server-Side Request Forgery threatens web application integrity and confidentiality. This draft explains configuring known domains to mitigate SSRF risks ...

Join discussion

MSmaulik srivastavapub.nexttechlabap.in

0

Deconstructing SSRF+SSTI vulns to gain RCE in a Message Broker environment

Jan 22 · 12 min read · Description: Rabbit Store is medium level machine from tryhackme to test your basic web testing skills and Linux basics. it can be conquered if u have understanding of SSRF and SSTI vulnerabilities to achieve RCE gain access to shell. Therefore, retr...

Join discussion

#ssrf

Search Hashnode

#ssrf

Trending tags this week

🔪 The AWS Autopsy | Case #01 — SSRF to IAM Credential Theft - Capital-One

Plant Photographer (TryHackMe)

I Spent a Week Securing Webhook Ingestion. The Real Attack Surface Was Delivery.

Crafting a Full Read SSRF: A Journey Through Oauth DCR, Open URL Redirects, and Path Normalization

Message to Garcia (TryHackMe)

Full Read SSRF in a PDF generation feature to read data from Internal domains

Shaking the MCP Tree: A Security Deep Dive

Surfer - SSRF (TryHackMe)

Bolstering Security: Configuring Domains to Ward Off SSRF

Deconstructing SSRF+SSTI vulns to gain RCE in a Message Broker environment