A Bug’z Life

Exploiting an SSRF: Trials and Tribulations

I mostly wanted to share this post not because the attack is novel or unique, but to show the thought process behind attacking this particular functionality: understanding how the system works in order to identify what would and would not work. This post covers an SSRF (Server Side Request Forgery) bug that was really fun to discover and exploit. It took a lot of work to figure out and to finally exploit.

The endpoint was sent to me to poke at by a fellow bug hunter, Ibram (after we realized we were on the same program). It was our first time…
