Protected: RCE via Spring Engine SSTI

There is no excerpt because this is a protected post.

Advertisements

Extracting AWS metadata via SSRF in Google Acquisition

A few months ago when I was first learning about ssrf vulnerabilities, I came across a few blogs and hackerone reports explaining different scenarios in which ssrf vulnerabilities can be leveraged to escalate the impact. I was able to apply this knowledge when looking through Google's acquisition "Apigee". This vulnerability was found on a test … Continue reading Extracting AWS metadata via SSRF in Google Acquisition