SirLeeroyJenkins

Jan 28, 2022

Bypassing SSRF Protection to Exfiltrate AWS Metadata from LarkSuite

Introduction: Lark is an online, all-in-one collaborative platform offering calendar, document and chat functions. They have a public bug-bounty program at https://hackerone.com/lark_technologies , and offer good bounties with a pretty quick payout time. This write up will detail my process of discovering a potential SSRF, and how I bypassed their existing…

8 min read

Bypassing SSRF Protection to Exfiltrate AWS Metadata from LarkSuite

8 min read

May 17, 2021

Just Gopher It: Escalating a Blind SSRF to RCE for $15k — Yahoo Mail

Part 1: Recon Typically for a wide scope bug bounty program I’ll start with subdomain enumeration to increase my attack surface, but in this case I was going after a single web application on my target (Yahoo Mail). Since I was only focusing on a single web app, I started by using the…

Bug Bounty

7 min read

Just Gopher It: Escalating a Blind SSRF to RCE for $15k — Yahoo Mail

Bug Bounty

7 min read

SirLeeroyJenkins

374 Followers

big hax

Help
Status
Writers
Blog
Careers
Privacy
Terms
About
Text to speech
Teams