A bug bounty writeup detailing the discovery of a critical Server-Side Request Forgery (SSRF) vulnerability in a SaaS application's URL-fetching endpoint. By sending requests to the AWS Instance Metadata Service (169.254.169.254), the researcher retrieved temporary IAM credentials. The post covers the step-by-step exploitation process, how to write an effective bug report, remediation recommendations (URL allowlisting, IMDSv2), and ethical guidelines for stopping at proof of concept.
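The remediation the summary names, URL allowlisting, is easy to get wrong: checking the literal string for `169.254.169.254` misses IPv6 forms, IPv4-mapped addresses, and hostnames that resolve to the metadata service. The following is an added example (not code from the writeup or from the application it describes) of a validator for a server-side fetcher that combines a host allowlist with a resolved-address check. `ALLOWED_HOSTS`, `validate_fetch_url`, and the `resolver` parameter are this example's own names; `fd00:ec2::254` is the IPv6 IMDS endpoint AWS documents.

```python
"""Allowlist plus address validation for a server-side URL fetcher (added example)."""
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical allowlist; a real deployment loads this from configuration.
ALLOWED_HOSTS = {"api.example.com", "cdn.example.com"}
ALLOWED_SCHEMES = {"http", "https"}

# Ranges a user-controlled fetch must never reach: loopback, RFC 1918,
# link-local (which contains the IMDS address 169.254.169.254), CGNAT,
# "this network", and the IPv6 equivalents including the IPv6 IMDS endpoint.
BLOCKED_NETWORKS = [
    ipaddress.ip_network("169.254.0.0/16"),    # link-local, includes IMDSv1/v2 address
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("100.64.0.0/10"),
    ipaddress.ip_network("0.0.0.0/8"),
    ipaddress.ip_network("::1/128"),
    ipaddress.ip_network("fe80::/10"),
    ipaddress.ip_network("fc00::/7"),          # ULA, also covers fd00:ec2::254
    ipaddress.ip_network("fd00:ec2::254/128"), # IPv6 IMDS endpoint, listed explicitly
]


class UnsafeURL(ValueError):
    """Raised when a URL must not be fetched server-side."""


def default_resolver(host: str) -> list[str]:
    """Resolve a hostname to all of its A/AAAA addresses via the OS resolver."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def is_blocked_address(addr: str) -> bool:
    """True if addr falls in a blocked range; unwraps IPv4-mapped IPv6 first."""
    ip = ipaddress.ip_address(addr)
    # ::ffff:169.254.169.254 is the same target as 169.254.169.254
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def validate_fetch_url(url: str, resolver=default_resolver) -> str:
    """Validate a user-supplied URL and return the one IP the fetcher may connect to.

    The caller should connect to the returned address (with the Host header set
    to the hostname) rather than resolving again, so a DNS answer that changes
    between check and use cannot redirect the fetch to the metadata service.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise UnsafeURL("credentials in URL are not allowed")
    host = parts.hostname  # lower-cased, brackets stripped for IPv6 literals
    if not host:
        raise UnsafeURL("missing host")
    # Allowlist by exact hostname: IP literals such as 169.254.169.254 never match.
    if host not in ALLOWED_HOSTS:
        raise UnsafeURL(f"host not in allowlist: {host!r}")
    addrs = resolver(host)
    if not addrs:
        raise UnsafeURL(f"no addresses for {host!r}")
    # Every resolved address must be safe; an allowlisted name can still be
    # pointed at an internal range by a compromised or attacker-influenced zone.
    for addr in addrs:
        if is_blocked_address(addr):
            raise UnsafeURL(f"{host!r} resolves to blocked address {addr}")
    return addrs[0]


if __name__ == "__main__":
    # Constructed resolver so the example runs offline.
    fake_dns = {"api.example.com": ["203.0.113.10"]}
    print(validate_fetch_url("https://api.example.com/v1/items",
                             resolver=lambda h: fake_dns.get(h, [])))
    for bad in ("http://169.254.169.254/latest/meta-data/",
                "http://[fd00:ec2::254]/latest/meta-data/",
                "file:///etc/passwd"):
        try:
            validate_fetch_url(bad, resolver=lambda h: fake_dns.get(h, []))
        except UnsafeURL as exc:
            print("rejected:", exc)
```

The allowlist does the real work; the address check is defence in depth for names that resolve somewhere unexpected. Pair it with the instance-side control the summary mentions: requiring IMDSv2 (`aws ec2 modify-instance-metadata-options --http-tokens required`) means a plain GET from an SSRF cannot read credentials, because the token must first be obtained with a PUT carrying a custom header.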

4 min read. From infosecwriteups.com
Table of contents
- What Is SSRF? (Quick Explanation)
- How I Found It
- The Report I Submitted
- The Result
- What You Can Learn From This
- Tools I Used
- Final Thoughts
