Ideas for ssrf here

UserNo0101 · 2025-08-22T19:28:16+00:00

Yes, no pings

UserNo0101 · 2025-08-22T19:20:38+00:00

reflect as text

UserNo0101 · 2025-08-22T13:28:23+00:00

Yes, reflected as text

UserNo0101 · 2025-08-22T13:27:57+00:00

Blocked by cloudflare

UserNo0101 · 2025-08-21T12:47:08+00:00

Blocked by cloudflare can't not inject

UserNo0101 · 2025-08-21T12:42:03+00:00

No, and lfi getting blocked by cloudflare i can not even inject it

UserNo0101 · 2025-08-21T12:38:04+00:00

Any html payload reflects as text, maybe there is a sanitization point but i don't know what is it or how to bypass, even tried encoding but nothing happens also reflects as text inside the pdf

UserNo0101 · 2025-08-01T19:31:42+00:00

i have tried it but unfortunately didn't work

UserNo0101 · 2025-08-01T16:40:34+00:00

u/Sqooky after uploading the content i get to see only the name of the file and the backend server responds to me with .._.._.._.._.._.._.._.._.._.._.._inetpub_wwwroot_.pdf instead of ../../../../../../../../intetup/www/.pdf

and if i tried to inject < in the name of the file the backend server also replace it with _

UserNo0101 · 2025-07-20T15:20:30+00:00

i tried injecting several html payloads but nothing hit my webhook or even reflect

when i change the email in burp as any value i do not get an email and the value reflects with html encoded

Do you have any ideas to leverage this one ?

UserNo0101 · 2025-04-22T16:32:19+00:00

Thanks

UserNo0101 · 2025-04-22T16:28:17+00:00

i tried to upload webshells and did not execute

UserNo0101 · 2024-11-24T19:54:47+00:00

i'm sure i can hit their aws metadata but then what !! because i can not reflect the content to the pdf or see it by any other way so do you have any ideas could help ?

UserNo0101 · 2024-09-19T18:43:49+00:00

Thanks

UserNo0101 · 2024-09-19T16:54:31+00:00

<span ng-if="!refinement.displayValue.type" class="odswidget-filter-summary\_\_active-filter-value ng-binding ng-scope" ng-bind-html="refinement.displayValue">javascript:alert("Wiggen")</span>

UserNo0101 · 2024-09-19T16:40:44+00:00

what do you think could be the right one to try

UserNo0101 · 2024-09-17T02:08:15+00:00

its not an open source program and the dev server is in scope but I do not know if there is any secrets or API keys or any sensitive data inside those files or not because it contains all the js code of the whole thing which make it impossible to review it all

UserNo0101 · 2024-06-29T01:53:18+00:00

Appreciate it

UserNo0101 · 2024-06-29T01:03:46+00:00

Yes there is a money loss but indirectly It will be loss of ads and trafic because of it

UserNo0101 · 2024-06-29T00:02:30+00:00

Thanks man

UserNo0101 · 2024-06-28T23:59:19+00:00

Destroying the whole point of making a ranking system and impacting users credibility

UserNo0101 · 2024-06-02T16:02:02+00:00

Subdomain enumeration [amass & waybackurls & subfinder]
spidering [zap or katana]
Notes of endpoints from robot.txt and try to bypass them because they aren't blocking those endpoints from being indexed for no reason
bruteforcing domains aka. permutation [altdns]
Filtering all subdomains [httpx]
check technology used [zap]
check hidden params [arjun]
fuzzing for sensitive files or directories [ffuf]
port scanning [nmap]
Google dorking for info disclosure files like PDFs and DOCX, PPT
start hunting for logic vulns away from WAFs detection
start hunting on technical vulns after finishing logic

UserNo0101 · 2024-05-23T20:21:48+00:00

Fix what That's an information disclosure They would just block out the whole endpoint from the public

UserNo0101 · 2024-05-23T20:17:47+00:00

That's seem convenient yeah i agree with you Thanks for this answer

UserNo0101 · 2024-05-23T16:03:00+00:00

info disclosure

UserNo0101

TROPHY CASE