Top 25 Server-Side Request Forgery (SSRF) Bug Bounty Reports
4 min readJan 19, 2022
In this article, we will discuss the Server-Side Request Forgery (SSRF) vulnerability, and present 25 disclosed reports based on this flaw.
What is Server-Side Request Forgery?
SSRF is when you, as an attacker, successfully make the application triggering arbitrary requests.
Server-Side Request Forgery (SSRF) is basically correlated with other vulnerabilities a lot of times, for example:
XXE with SSRF:
<?xml version="1.0"?>
<!DOCTYPE foo [
<!ELEMENT foo (#ANY)>
<!ENTITY xxe SYSTEM "http://localhost">]><foo>&xxe;</foo>Host Header Injection with SSRF:
GET / HTTP/1.1
Host: localhostHTML Injection with SSRF:
<iframe src=http://localhost></iframeImageMagick SSRF in HLS Processing:
#EXTM3U
#EXT-X-MEDIA-SEQUENCE: 0
#EXTINF:10.0,
http://localhost
#EXT-X-ENDLISTWhy is that dangerous?
Let’s assume you are hosting an application on port 80/443 externally, and the administrative panel is being hosted on port 8008 internally. Through SSRF, you can send arbitrary requests to the administrative panel hosted internally
