-
# Summary
An SSRF (Server-Side Request Forgery) vulnerability was identified in the LyLme_spage version 1.9.5. This vulnerability allows internal network requests to be initiated and sensitive inform…
-
### Problem Statement
Right now, in case of a JS exception, there could be an **exception.stacktrace.frame.filename** field in the JSON payload. This field is vulnerable to SSRF. Anyone can send exception an…
-
### Describe the bug
Hello everyone! I hope all is going smoothly for you. Despite numerous attempts to reach out regarding a security concern via this [discussion](https://github.com/axios/axios/dis…
-
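Using DoraBox as the target, XXE can be detected (from which I can conclude that my reverse-connection platform is configured correctly), but SSRF is not detected.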
-
### **Description**
Attackers can pass malicious URLs as parameters to the pingback.ping method by constructing malicious requests. The first parameter in this method allows passing any URL, and the …
-
This package uses phantomjs to render an XML snippet to an image, thus the XML can be any HTML, script.
As the render process runs at the backend, there are SSRF and server-side XSS risks.
-
Over the years, we've received many bug bounty reports relating to Server side request forgery (SSRF) attacks. In a nutshell, these attacks use short-lived DNS entries to direct Web hooks and other UR…
-
## This would solve...
`undici` and native-node>=18-`fetch` expose (as far as I know, and see documented) no way to protect against [SSRF attacks](https://scalesec.com/blog/exploit-ssrf-to-gain-aws…
-
### Vulnerability report
**Description**
Attackers can pass malicious URLs as parameters to the pingback.ping method by constructing malicious requests. The first parameter in this method allows pa…
-
@SANTHOSH17-DOT I would like to contribute to this repo by explaining the attack mentioned above. Please assign me this issue under JWOC 2023.
Thank You!