Feb 7 · 6 min read · The Bug: The bug is a server-side request forgery vulnerability in a PDF generation feature that enabled me to read data from internal domains that are not publicly reachable. The Journey: I’ve been working on this application for three months now, and ...
Feb 3 · 14 min read · AI is moving fast. Companies are racing to connect their services to AI assistants, shipping integrations as quickly as possible to stay ahead. But when speed is the priority, security often gets left behind. In this post, I'll show you what happens ...
Jan 30 · 4 min read · Introduction: Web app with hidden internal pages. The challenge mentions an SSRF vulnerability. Goal: Access restricted admin functionality. What You Did: Login with default creds (admin/admin); found the export2pdf.php endpoint that accepts URLs; Explo...
Jan 28 · 4 min read · In today’s interconnected digital landscape, web application security is paramount. Server-Side Request Forgery threatens web application integrity and confidentiality. This draft explains configuring known domains to mitigate SSRF risks ...
Jan 22 · 12 min read · Description: Rabbit Store is a medium-level machine from TryHackMe to test your basic web testing skills and Linux basics. It can be conquered if you have an understanding of SSRF and SSTI vulnerabilities to achieve RCE and gain access to a shell. Therefore, retr...
Jan 21 · 12 min read · Description: Rabbit Store is a medium-level machine from TryHackMe to test your basic web testing skills and Linux basics. It can be conquered if you have an understanding of SSRF and SSTI vulnerabilities to achieve RCE and gain access to a shell. Therefore, retrie...
Dec 14, 2025 · 9 min read · While working on an application that would accept user-provided URLs, it would be nice to test a wide range of URLs to figure out which ones to accept and which ones not to accept. Lots of security vulnerabilities might be hiding behind such simple f...
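The Jan 28 teaser describes allowing only known domains as an SSRF mitigation, and the Dec 14 teaser describes running a wide range of URLs through a URL-accepting feature to see which should be accepted. The check below is an added example written for this listing; it is not code from either post or from the applications they discuss. The allowlist (`assets.example.com`, `cdn.example.com`, HTTPS on 443 only), the fake DNS table and every address in it are constructed for the example so that it runs offline; a real deployment would substitute its own policy and a real resolver.

```python
"""SSRF allowlist check for a user-supplied fetch URL (e.g. a PDF exporter).

Added illustration, not code from any of the listed posts. The allowlist,
the fake DNS table and every address in it are constructed for the example.
"""
import ipaddress
from urllib.parse import urlsplit

# Hypothetical policy for a PDF-export feature (assumption, not from the posts).
ALLOWED_SCHEMES = {"https"}
ALLOWED_PORTS = {443}
ALLOWED_HOSTS = {"assets.example.com", "cdn.example.com"}

# Constructed stand-in for DNS so the example runs offline. cdn.example.com
# deliberately has one record pointing at an internal address, to show that
# an allowlisted name is not enough on its own.
FAKE_DNS = {
    "assets.example.com": ["8.8.8.8"],            # placeholder public address
    "cdn.example.com": ["1.1.1.1", "10.0.0.5"],   # second record is RFC 1918
}


def fake_resolve(host):
    return FAKE_DNS.get(host, [])


def is_public_ip(addr):
    """True only for addresses that are routable on the public Internet."""
    ip = ipaddress.ip_address(addr)
    # is_global already excludes RFC 1918, loopback, link-local (169.254/16, so
    # the cloud metadata address), 0.0.0.0/8, CGNAT and the IPv6 equivalents.
    return ip.is_global and not ip.is_multicast


def check_url(url, resolve=fake_resolve):
    """Return (allowed, reason). `resolve` maps a hostname to its IP strings."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    # user@host tricks: https://assets.example.com@127.0.0.1/ has host 127.0.0.1
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL"
    host = (parts.hostname or "").rstrip(".")  # hostname is lowercased; drop trailing dot
    if not host:
        return False, "no host"
    try:
        port = parts.port or 443
    except ValueError:
        return False, "invalid port"
    if port not in ALLOWED_PORTS:
        return False, f"port not allowed: {port}"
    if host not in ALLOWED_HOSTS:
        return False, f"host not allowlisted: {host}"
    addrs = resolve(host)
    if not addrs:
        return False, f"unresolvable host: {host}"
    for addr in addrs:
        if not is_public_ip(addr):
            return False, f"{host} resolves to non-public {addr}"
    # Caveat: the fetch must connect to one of `addrs`, not re-resolve the name,
    # or a rebinding answer between check and fetch bypasses this (TOCTOU).
    return True, "ok"


def run_cases():
    """Exercise a range of URLs, the way the Dec 14 teaser suggests."""
    cases = [
        "https://assets.example.com/report.html",
        "https://ASSETS.EXAMPLE.COM./report.html",      # case and trailing dot
        "https://cdn.example.com/logo.png",              # allowlisted, but resolves inside
        "http://assets.example.com/report.html",         # plain http
        "https://assets.example.com:8443/",              # non-standard port
        "https://assets.example.com@127.0.0.1/",         # userinfo trick
        "https://169.254.169.254/latest/meta-data/",     # metadata IP, not a name
        "https://[::1]/",                                # IPv6 loopback literal
        "file:///etc/passwd",                            # non-http scheme
    ]
    return [(u, *check_url(u)) for u in cases]


if __name__ == "__main__":
    for url, ok, reason in run_cases():
        print("ALLOW" if ok else "DENY ", url, "-", reason)
```

Two of the nine constructed URLs are allowed; everything else is denied with the reason shown. The design point worth keeping from the example is the order of checks: parse, then scheme, userinfo, port and hostname allowlist, and only then resolve and inspect every returned address, because a name on the allowlist can still point into the internal network. The fetch itself has to use the addresses that passed, not the hostname, or the check can be raced with a changing DNS answer.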
Dec 13, 2025 · 3 min read · Server-Side Request Forgery (SSRF) has been on every major vulnerability list for more than a decade, yet it continues to appear in real-world cloud incidents in 2025. Despite improved cloud defaults, better documentation, and more secure frameworks,...
Nov 29, 2025 · 4 min read · Overview: Era is a medium-difficulty HackTheBox machine focused on web exploitation, insecure direct object references (IDOR), database credential leaks, and stream-wrapper abuse leading to remote command execution. The foothold revolves around enumer...