Real world report PoCs

You can read these real world SSRF PoCs to better understand how the bug is exploited in the real world scenarios

• ESEA Server-Side Request Forgery and Querying AWS Meta Data by Brett Buerhaus

• SSRF to pivot internal network

• SSRF to LFI

• SSRF to query google internal server

• SSRF by using third party Open redirect by Brett BUERHAUS

• SSRF tips from BugBountyHQ of Images

• SSRF to RCE

• XXE at Twitter

• Blog post: Cracking the Lens: Targeting HTTP’s Hidden Attack-Surface

Reference: https://whoami.securitybreached.org/2019/06/03/guide-getting-started-in-bug-bounty-hunting/