From a lame SSRF to a full $4000 RCE

Hello ethical hackers and bug bounty hunters! Welcome to this bug bounty write-up where I show you how I found a Server-Side Request Forgery vulnerability (SSRF). Then, I will explain how I was able to escalate it to obtain a Remote Code Execution (RCE). Finally, you will see how it is possible to gain a full SSH shell on the vulnerable server.

If all this seems intimidating to you, let me tell you that it shouldn’t be; just make sure you stick with me until the end. I promise you are going to learn many things today!


Read more on https://thehackerish.com/bug-bounty-write-up-from-ssrf-to-4000/

Download your FREE Web hacking LAB: https://thehackerish.com/owasp-top-10-lab-vm-free

Facebook Page: https://www.facebook.com/thehackerish

Follow us on Twitter: https://twitter.com/thehackerish
