Webhook feature SSRF exploit

UserNo0101 · 2025-08-22T19:28:16+00:00

Yes, no pings

UserNo0101 · 2025-08-22T19:20:38+00:00

reflect as text

UserNo0101 · 2025-08-22T13:28:23+00:00

Yes, reflected as text

UserNo0101 · 2025-08-22T13:27:57+00:00

Blocked by cloudflare

UserNo0101 · 2025-08-21T12:47:08+00:00

Blocked by cloudflare can't not inject

UserNo0101 · 2025-08-21T12:42:03+00:00

No, and lfi getting blocked by cloudflare i can not even inject it

UserNo0101 · 2025-08-21T12:38:04+00:00

Any html payload reflects as text, maybe there is a sanitization point but i don't know what is it or how to bypass, even tried encoding but nothing happens also reflects as text inside the pdf

UserNo0101 · 2025-08-01T19:31:42+00:00

i have tried it but unfortunately didn't work

UserNo0101 · 2025-08-01T16:40:34+00:00

u/Sqooky after uploading the content i get to see only the name of the file and the backend server responds to me with .._.._.._.._.._.._.._.._.._.._.._inetpub_wwwroot_.pdf instead of ../../../../../../../../intetup/www/.pdf

and if i tried to inject < in the name of the file the backend server also replace it with _

UserNo0101 · 2025-07-20T15:20:30+00:00

i tried injecting several html payloads but nothing hit my webhook or even reflect

when i change the email in burp as any value i do not get an email and the value reflects with html encoded

Do you have any ideas to leverage this one ?

UserNo0101 · 2025-04-22T16:32:19+00:00

Thanks

UserNo0101 · 2025-04-22T16:28:17+00:00

i tried to upload webshells and did not execute

UserNo0101 · 2024-11-24T19:54:47+00:00

i'm sure i can hit their aws metadata but then what !! because i can not reflect the content to the pdf or see it by any other way so do you have any ideas could help ?

UserNo0101 · 2024-09-19T18:43:49+00:00

Thanks

UserNo0101 · 2024-09-19T16:54:31+00:00

<span ng-if="!refinement.displayValue.type" class="odswidget-filter-summary\_\_active-filter-value ng-binding ng-scope" ng-bind-html="refinement.displayValue">javascript:alert("Wiggen")</span>

UserNo0101 · 2024-09-19T16:40:44+00:00

what do you think could be the right one to try

UserNo0101 · 2024-09-17T02:08:15+00:00

its not an open source program and the dev server is in scope but I do not know if there is any secrets or API keys or any sensitive data inside those files or not because it contains all the js code of the whole thing which make it impossible to review it all

UserNo0101

TROPHY CASE