#40

SSRF – Case study of 124 bug bounty reports

In theory, SSRF is a really simple vulnerability class - you can make requests to arbitrary locations. In practice, however, it’s often more complex. Where to look for SSRFs? What parameters are most likely to be vulnerable? Do we actually need all those complex...