I Found a Critical SSRF Vulnerability That Could Have Exposed an Entire Server Here’s How A step-by-step bug bounty writeup that any beginner can learn from I almost missed it. It looked like a …

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

A bug bounty writeup detailing the discovery of a critical Server-Side Request Forgery (SSRF) vulnerability in a SaaS application's URL-fetching endpoint. By sending requests to the AWS Instance Metadata Service (169.254.169.254), the researcher retrieved temporary IAM credentials. The post covers the step-by-step exploitation process, how to write an effective bug report, remediation recommendations (URL allowlisting, IMDSv2), and ethical guidelines for stopping at proof of concept.