0
6/10
bug-bounty
A researcher discovered and exploited an SSRF vulnerability in DownNotifier's website monitoring service, using the 0.0.0.0 loopback address to bypass filters and enumerate local services (FTP, HTTP) via XSPA timing analysis.
ssrf
server-side-request-forgery
xspa
cross-site-port-attack
bypass
loopback-filter-bypass
service-enumeration
bug-bounty
writeup
DownNotifier
downnotifier.com
OpenBugBounty
PayloadsAllTheThings
mqt