Exploit for CVE-2014-4210

WebLogic-SSRFCVE-2014-4210 Weblogic SearchPublicRegistries SS...

CVE-2020-13650

An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. The login page is vulnerable to Server-Side Request Forgery SSRF that allows use of the application as a proxy. Sent to an external server, a forged request discloses application credentials. For a request to ...

CVE-2019-18379

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery SSRF exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interfac...

Visualizer < 3.3.1 - Blind Server-Side Request Forgery (SSRF)

This plugin suffers from a blind SSRF vulnerability in the /wp-json/visualizer/v1/upload-data endpoint. curl -i -s -X $'POST' \ -H $'Host: 192.168.158.128:8000' \ --data-binary $'"url":"http://db:3306"' \ $'http://192.168.158.128:8000/wp-json/visualizer/v1/upload-data' See the references for...

h1-5411-CTF: Remote Command Execution in a internal server to get the flag file

Summary: After source code disclosure using a LFI vulnerability and using PHP object injection with XXE I was able to find an internal service at port 1337. Using the SSRF through XXE I sent a HTTP request to this internal service and discovered a python object injection using status parameter,...

CVE-2018-1000553

Trovebox version = 4.0.0-rc6 contains a Server-Side request forgery vulnerability in webhook component that can result in read or update internal resources. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed...