Burp SSRF challenge: the task is to use the stock check feature to scan the internal IP range 192.168.0.X:8080 and find the admin interface. After the scan, one IP returns a 404 code → this indicates the URL exists. Accessing /admin on this IP returns a 302 redirect. Following the redirect and deleting the user "carlos" succeeded.

#WebSecurity #SSRF #Pentesting #BurpSuite
#WebSecurity #SSRF #PenetrationTesting #BurpSuite

https://dev.to/jdj_mdj_b72ba3daf52231833/burpba-chang-ssrf-2-52ik

Burp lab: SSRF 2

The task requirements are as follows: This lab has a stock check feature which fetches data from an internal system. To solve the...

DEV Community
🛡️ CVE-2025-68600: CRITICAL SSRF in Yannick Lefebvre Link Library (≤7.8.4). Unauthenticated attackers can target internal networks. Audit outbound traffic, enable egress filtering, and monitor for abuse! https://radar.offseq.com/threat/cve-2025-68600-server-side-request-forgery-ssrf-in-c3cb034b #OffSeq #SSRF #Vuln #CyberSec
🛑 CRITICAL: CVE-2025-64663 (SSRF) in Azure Cognitive Service for Language—Custom Question Answering feature is at risk. Elevation of privilege possible; apply strict egress filtering & monitor now. Patch pending. https://radar.offseq.com/threat/cve-2025-64663-cwe-918-server-side-request-forgery-4a0523d4 #OffSeq #Azure #SSRF #CloudSecurity
🌖 PostHog zero-day disclosure: an RCE chain built from SSRF, ClickHouse SQL injection and PostgreSQL default credentials
➤ From SSRF to RCE: a deep dive into the PostHog security vulnerabilities
https://mdisec.com/inside-posthog-how-ssrf-a-clickhouse-sql-escaping-0day-and-default-postgresql-credentials-formed-an-rce-chain-zdi-25-099-zdi-25-097-zdi-25-096/
This article takes a deep look at a series of serious security vulnerabilities discovered in the PostHog platform. Through careful study of its open-source code, the author found server-side request forgery (SSRF), ClickHouse SQL injection and PostgreSQL default password issues. By skillfully chaining these vulnerabilities, the author achieved remote code execution (RCE). The article describes in detail how the vulnerabilities were discovered, the technical details, and how the attack chain was built step by step, giving PostHog and its users
#SecurityResearch #VulnerabilityAnalysis #PostHog #SSRF #SQLInjection #RCE
Inside PostHog: How SSRF, a ClickHouse SQL Escaping 0day, and Default PostgreSQL Credentials Formed an RCE Chain (ZDI-25-099, ZDI-25-097, ZDI-25-096) - Mehmet Ince @mdisec

It was yet another day at the office. Our team was internally discussing moving to a different platform analytics solution. Our team was really leaning more towards Posthog. It’s one of the brilliant -I personally believe it’s the best- products on the market. And that’s where the story has begun… We have a somewhat unconventional—some […]

Mehmet Ince @mdisec
⚠️ HIGH severity SSRF (CVE-2025-26487) in Infinera MTC-9 R22.1.1.0275 — attackers could abuse server requests for lateral movement. Monitor for updates; mitigate exposure! https://radar.offseq.com/threat/cve-2025-26487-cwe-918-server-side-request-forgery-2e6cf9cf #OffSeq #SSRF #Vuln #Infinera
🛡️ MEDIUM SSRF in orionsec orion-ops (SSH Connection Handler, up to 5925824997a3109651bbde07460958a7be249ed1). Remote exploit possible—no patch from vendor. Restrict access, monitor traffic, validate inputs. CVE-2025-13809. https://radar.offseq.com/threat/cve-2025-13809-server-side-request-forgery-in-orio-708d56f9 #OffSeq #SSRF #Security
How a Single SSRF Changed My Life: My Journey From Logistics Into Cybersecurity
Type: Server-Side Request Forgery (SSRF) vulnerability in WordPress XML-RPC functionality, specifically exploiting the pingback.ping method which allows arbitrary external requests from the target server. The vulnerability exists because the XML-RPC pingback system accepts arbitrary URLs without proper validation or restrictions. Exploitation involves accessing the /xmlrpc.php endpoint and sending a POST request with system.listMethods to enumerate available methods, identifying pingback.ping, then crafting a malicious request with attacker-controlled URLs to force the server to make outbound requests. Using webhook.site as a listening endpoint, the attacker sends: POST /xmlrpc.php with XML payload containing pingback.ping method and webhook URL as target, which triggers the server to initiate an HTTP request to the external webhook, confirming the SSRF vulnerability. Impact includes server metadata exposure, potential internal network enumeration, SSRF-based port scanning, access to cloud metadata services (if cloud environment), and demonstration of unauthorized outbound connections from the target infrastructure. Mitigation involves disabling XML-RPC pingback functionality entirely, implementing strict input validation and URL whitelisting for outbound requests, restricting network access to internal resources, configuring firewall rules to prevent arbitrary external connections, and regular security testing of web applications. WordPress administrators can disable XML-RPC via plugins or server configuration if not needed. #infosec #BugBounty #Cybersecurity #SSRF
https://medium.com/@jsll/how-a-single-ssrf-changed-my-life-my-journey-from-logistics-into-cybersecurity-e1eba7ff7ce1?source=rss------bug_bounty-5
How a Single SSRF Changed My Life: My Journey From Logistics Into Cybersecurity
Medium
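The post above lists "strict input validation and URL whitelisting for outbound requests" as the fix for a pingback-style fetcher; the following is an added example of such a check (not code from the post or from WordPress), written for the defender: it enforces an assumed host allowlist (`ALLOWED_HOSTS`, `ALLOWED_SCHEMES`, `ALLOWED_PORTS` are hypothetical values), resolves the name and rejects anything that lands on private, loopback or link-local space (the 169.254.169.254 metadata endpoint included), and is meant to be re-run on every redirect hop, since the lab at the top of this page reaches its target through a 302.

```python
"""Outbound-URL validator for a pingback/webhook style fetcher (added example)."""
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical allowlist for this application's outbound fetches.
ALLOWED_HOSTS = {"blog.example.com", "cdn.example.com"}
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def resolve_all(host):
    """Default resolver: every A/AAAA address the name currently maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_forbidden_address(addr):
    """True for addresses that reach internal or infrastructure-only targets.

    The cloud metadata endpoint 169.254.169.254 is link-local, so it is
    covered by is_link_local (and by is_private in CPython's IANA table).
    """
    ip = ipaddress.ip_address(addr)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_outbound_url(url, resolver=resolve_all):
    """Return (ok, reason). Call this on every redirect target, not only the first URL."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL"
    host = (parts.hostname or "").rstrip(".").lower()
    if host not in ALLOWED_HOSTS:
        return False, "host not on allowlist"
    if (port or (443 if parts.scheme == "https" else 80)) not in ALLOWED_PORTS:
        return False, "port not allowed"
    # An allowlisted name can still point at an internal address (DNS
    # rebinding, compromised zone), so check every resolved address too.
    try:
        addrs = resolver(host)
    except (socket.gaierror, OSError):
        return False, "resolution failed"
    if not addrs or any(is_forbidden_address(a) for a in addrs):
        return False, "resolves to internal address"
    return True, "ok"
```

The resolver is injectable so the check can be unit-tested without DNS; in production the fetch itself should connect to the addresses that were validated rather than resolving the name a second time.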
⚠️ CRITICAL SSRF (CVE-2025-64709) in Typebot.io <3.13.1 lets authenticated users hijack AWS EKS IAM creds by bypassing IMDSv2—risking full cluster compromise. Patch to 3.13.1+ now! https://radar.offseq.com/threat/cve-2025-64709-cwe-918-server-side-request-forgery-59006f73 #OffSeq #SSRF #AWS #Kubernetes
⚠️ CVE-2025-64522: CRITICAL SSRF in charmbracelet soft-serve (<0.11.1). Repo admins can abuse webhook URLs to target internal/cloud endpoints. Patch to 0.11.1+ now! Details: https://radar.offseq.com/threat/cve-2025-64522-cwe-918-server-side-request-forgery-b1a9435c #OffSeq #SSRF #Vuln #GitOps