SSRF

Oct 09, 2021  ·  11 min read

H@cktivitycon 2021 - Web

Another late CTF writeups for H@cktivitycon 2021 web category.

Default-Credentials · SSRF · Command-Injection · CRLF · SQL-Injection · Sqlite

Aug 09, 2021  ·  10 min read

HackTheBox - Love

SSRF in beginner-level

Windows · SSRF · AlwaysInstallElevated · Msi-Installer · Msfvenom · PrintNightmare

May 15, 2021  ·  9 min read

HackTheBox - Ready

Turns SSRF to remote code execution and escape from a Docker container

Linux · GitLab · CVE-2018-19571 · CVE-2018-19585 · SSRF · CRLF-Injection

May 09, 2021  ·  9 min read

HackTheBox - Time

Exploiting an insecure deserialization on Jackson library and how to mitigate it

Linux · Jackson · Java · SSRF · Deserialization · CVE-2019-12384