bug-bounty487
google307
xss300
microsoft254
facebook222
rce192
exploit161
apple147
malware140
cve129
account-takeover113
bragging-post110
privilege-escalation88
csrf86
authentication-bypass71
stored-xss66
phishing61
writeup59
reflected-xss59
dos58
browser57
supply-chain55
access-control52
input-validation49
web-security49
react48
reverse-engineering48
defi48
ssrf48
smart-contract47
cross-site-scripting46
open-source46
cloudflare46
ethereum44
oauth44
sql-injection43
lfi42
aws41
web340
web-application38
docker38
ctf37
race-condition37
api-security36
burp-suite36
node35
ai-agents35
pentest34
smart-contract-vulnerability33
information-disclosure33
0
6/10
Researcher exploited an SSRF vulnerability on Adfly to gain access to the internal SMTP server via the Gopher protocol, enabling unauthorized email sending from the Adfly domain. The attack involved uploading a PHP redirect file to a third-party server that, when visited through Adfly's URL shortening feature, would execute a Gopher payload to interact with the local SMTP service.
ssrf
gopher-protocol
smtp
email-spoofing
php
bug-bounty
server-side-request-forgery
gopherus
fastcgi
rce
Adfly
Rafli Pasya
Zerb0a
Gopherus
FastCGI