About  Project Blog Resources

Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

A Glossary of Blind SSRF Chains- 364

Asset NotePosted 5 Years Ago
  • Have a SSRF vulnerability that is blind? How do we exploit it!? Although it is not always possible, there are multiple ways of going about it.
  • This blog post is a huge list of blind SSRF techniques. Here is a quick reference list:
    • Elasticsearch
    • Weblogic
    • Hashicorp Consul
    • Shellshock
    • Apache Druid
    • Apache Solr
    • PeopleSoft
    • Apache Struts
    • JBoss
    • Confluence
    • Jira
    • Other Atlassian Products
    • OpenTSDB
    • Jenkins
    • Hystrix Dashboard
    • W3 Total Cache
    • Docker
    • Gitlab Prometheus Redis Exporter
  • Some of the above can get you code execution, while others cause DoS issues.

Maxwell DulinEmail me!TwitterGithubAdminBlog RSS FeedResources RSS Feed