bug-bounty450
google358
microsoft315
facebook265
xss239
apple181
malware172
rce149
exploit130
bragging-post101
cve99
account-takeover93
phishing82
csrf79
privilege-escalation77
supply-chain64
stored-xss64
authentication-bypass62
dos60
reflected-xss57
browser56
react50
cloudflare49
reverse-engineering48
input-validation48
cross-site-scripting48
access-control47
docker46
node45
aws45
smart-contract45
web344
ethereum43
defi42
sql-injection42
web-security40
ssrf40
web-application40
burp-suite35
info-disclosure34
vulnerability-disclosure34
idor34
html-injection33
race-condition33
buffer-overflow33
cloud33
smart-contract-vulnerability32
oauth32
writeup32
information-disclosure30
0
8/10
A detailed writeup of a multi-stage attack chain exploiting WAF bypass via DNS enumeration to discover origin server IP, leveraging LFI to bypass Cloudflare, then escalating to SSRF by bypassing Nginx web cache (using query string manipulation), and finally extracting AWS credentials from instance metadata. The attacker discovered that Nginx cache rules didn't account for query parameters, allowing cache bypass via appending '?' to metadata API calls.
waf-bypass
cloudflare-bypass
lfi
ssrf
aws-credentials
web-cache-bypass
nginx-cache
instance-metadata
dns-enumeration
origin-ip-disclosure
privilege-escalation
multi-stage-attack
Avinash Jain
logicbomb
Cloudflare
AWS
Nginx
CVE-2019-XXXX (instance metadata exploitation)