Yahoo! RCE via Spring Engine SSTI

This is write up in which I'll explain a vulnerability I recently found, and reported through Yahoo's bug bounty program. In web application security testing, doing reconnaissance is an important part of finding potentially vulnerable web application assets, as you can discover subdomains, directories, and other assets, which could increase the surface of attack. First, … Continue reading Yahoo! RCE via Spring Engine SSTI

Extracting AWS metadata via SSRF in Google Acquisition

A few months ago when I was first learning about ssrf vulnerabilities, I came across a few blogs and hackerone reports explaining different scenarios in which ssrf vulnerabilities can be leveraged to escalate the impact. I was able to apply this knowledge when looking through Google's acquisition "Apigee". This vulnerability was found on a test … Continue reading Extracting AWS metadata via SSRF in Google Acquisition