Myles Nieman
SSRF

3 writeups

Ghost

Insane

LDAP injection on a Next.js intranet leaks a service-account secret that unlocks Gitea; a custom Ghost CMS file-read exposes an RCE dev key; from …

Windows

Sea

Easy

A WonderCMS site’s contact form SSRF is weaponized to deliver CVE-2023-41425, landing a shell as www-data; a password hash found in the CMS …

Linux

Lantern

Hard

A Skipper proxy CVE-2022-38580 SSRF exposes an internal Blazor WebAssembly app whose DLL contains base64-encoded admin credentials; those credentials …

Linux