A researcher discovered a Server-Side Request Forgery (SSRF) vulnerability using DNS rebinding to bypass IP-based access controls, escalating through AWS metadata enumeration and Monit admin interface exploitation to achieve instance shutdown and memory disclosure. The writeup details the methodology, tool creation, and real-world exploitation chain that combined multiple vulnerabilities.
A researcher demonstrates an SSRF bypass technique against Microsoft's Bing Webmaster Central by using the nip.io DNS service to resolve non-standard loopback addresses (127.127.127.127) and bypass IP-based filters, allowing enumeration of internal ports and directories on the application server.
A multi-stage vulnerability chain combining GitHub credential leaks, password pattern analysis, and CVE-2019-11580 in an outdated Atlassian Crowd instance to achieve RCE and internal network access at a major ICT company. The attacker combined reconnaissance, Google dorking, and public exploits to breach the internal network perimeter.
A researcher discovered a critical SSRF vulnerability in Google Sites/Caja that allowed fetching arbitrary content from Google's internal production network (Borg cluster infrastructure). By exploiting the server-side JavaScript resource fetching mechanism combined with a Google App Engine URL, they gained unauthorized access to internal Borglet monitoring pages and sensitive configuration data including job details, resource allocation, and system architecture information.