bug-bounty
A security researcher describes discovering and exploiting a Server-Side Request Forgery (SSRF) vulnerability using DNS rebinding techniques to bypass IP filtering, access AWS metadata endpoints, enumerate internal ports, and discover a buffer overread vulnerability in a Monit admin interface. The writeup details the exploitation chain and introduces dnsFookup, a GUI tool for automating DNS rebinding attacks.
ssrf
dns-rebinding
vulnerability
bug-bounty
aws-metadata
port-enumeration
buffer-overread
monit
ftp
security-research
dns-attack
CVE (Monit buffer overread)
AWS
Monit
OpenSSH
lock.cmpxchg8b.com/rebinder.html
Fireshell CTF 2019
dnsFookup
gel0.space
bug-bounty
A Server-Side Request Forgery (SSRF) vulnerability was discovered in DownNotifier that allowed enumeration of local services through XSPA attacks by bypassing loopback address filters using the 0.0.0.0 address. The vulnerability enabled detection of running services like FTP and HTTP on the server.
ssrf
server-side-request-forgery
xspa
cross-site-port-attack
bug-bounty
web-application-security
application-logic-bug
port-enumeration
local-service-detection
payload-bypass
loopback-address-bypass
DownNotifier
downnotifier.com
OpenBugBounty
PayloadsAllTheThings
mqt