This is write up in which I'll explain a vulnerability I recently found, and reported through Yahoo's bug bounty program. In web application security testing, doing reconnaissance is an important part of finding potentially vulnerable web application assets, as you can discover subdomains, directories, and other assets, which could increase the surface of attack. First, … Continue reading Yahoo! RCE via Spring Engine SSTI
A few months ago when I was first learning about ssrf vulnerabilities, I came across a few blogs and hackerone reports explaining different scenarios in which ssrf vulnerabilities can be leveraged to escalate the impact. I was able to apply this knowledge when looking through Google's acquisition "Apigee". This vulnerability was found on a test … Continue reading Extracting AWS metadata via SSRF in Google Acquisition
Why does this blog exist?