You can read these real world SSRF PoCs to better understand how the bug is exploited in the real world scenarios
ESEA Server-Side Request Forgery and Querying AWS Meta Dataarrow-up-right by Brett Buerhaus
SSRF to pivot internal networkarrow-up-right
SSRF to LFIarrow-up-right
SSRF to query google internal serverarrow-up-right
SSRF by using third party Open redirectarrow-up-right by Brett BUERHAUS
SSRF tips from BugBountyHQ of Imagesarrow-up-right
SSRF to RCEarrow-up-right
XXE at Twitterarrow-up-right
Blog post: Cracking the Lens: Targeting HTTP’s Hidden Attack-Surfacearrow-up-right
Reference: https://whoami.securitybreached.org/2019/06/03/guide-getting-started-in-bug-bounty-hunting/arrow-up-right
Last updated 4 years ago
