Tagged articles

ssrf

19 articles · Page 1 of 1
Java Tech Enthusiast
Jun 30, 2026 · Backend Development

Spring Boot 4.1.0 Released: Official gRPC Support Boosts Java Microservices

Spring Boot 4.1.0 introduces official gRPC support, unified Jackson configuration, HTTP client SSRF protection, enhanced observability with OpenTelemetry, and flexible Log4j file‑rotation strategies, while the roadmap confirms a one‑year lifecycle for each version and signals the shift to the 4.x era for Java microservices.

Java · Observability · Spring Boot
0 likes · 8 min read
Java Tech Enthusiast
Jun 21, 2026 · Backend Development

Spring Boot 4.1.0: Deep Dive into 8 Must‑Know Production Features

Spring Boot 4.1.0, released on June 10, 2026, adds official gRPC support, built‑in SSRF protection, OpenTelemetry enhancements, lazy datasource initialization, async context propagation, Kotlin 2.3 compatibility, Log4j file‑rotation, and numerous build‑tool and dependency upgrades, while providing a detailed migration guide for production environments.

Build Tools · Kotlin · Lazy DataSource
0 likes · 17 min read
Black & White Path
Jun 16, 2026 · Information Security

One‑Click Link Exposes Enterprise Data Through Microsoft 365 Copilot Vulnerability

SearchLeak is a critical, three‑stage vulnerability chain in Microsoft 365 Copilot Enterprise that lets an attacker exfiltrate MFA codes, emails, calendar details and confidential files with a single click by abusing the q parameter, bypassing Copilot’s HTML sanitization, and leveraging Bing’s SSRF capability, now fully patched by Microsoft.

AI security · CVE-2026-42824 · Microsoft 365 Copilot
0 likes · 6 min read
Architect's Tech Stack
Jun 15, 2026 · Backend Development

Spring Boot 4.1.0 Released: Production‑Ready Features You Should Know

Spring Boot 4.1.0 builds on the 4.x foundation by adding production‑focused enhancements such as native gRPC auto‑configuration, outbound SSRF protection, lazy JDBC connections, OpenTelemetry support, and updated Jackson 3 settings, while offering guidance on when and how to upgrade.

Backend Development · Jackson 3 · OpenTelemetry
0 likes · 13 min read
Black & White Path
Mar 16, 2026 · Information Security

How I Discovered and Exploited a 0‑Day in an EIS Office Platform

The article walks through setting up a Windows 2012 IIS environment, reverse‑engineering the product’s 3DES license check, analyzing web.config permissions, and uncovering multiple vulnerabilities—including SSRF, several SQL injections, and arbitrary file‑upload flaws—culminating in a full bypass of the EIS system’s authentication.

0day · EIS · SQL Injection
0 likes · 8 min read
Xiao Liu Lab
Oct 24, 2025 · Information Security

How to Secure Nginx Against Host Header Attacks with Simple Config

This article explains why the HTTP Host header is unsafe, demonstrates how attackers can hijack password‑reset links or launch SSRF by forging it, and provides three practical Nginx configuration methods to strictly validate Host values and block malicious requests.

NGINX · Password reset hijack · host-header
0 likes · 7 min read
Rare Earth Juejin Tech Community
Jul 14, 2024 · Information Security

The Dangers of Host Header Abuse Illustrated by a NextJS SSRF Vulnerability (CVE-2024-34351)

This article demonstrates how a NextJS SSRF vulnerability (CVE‑2024‑34351) can be exploited by abusing the HTTP Host header, walks through the underlying code, reproduces the attack to retrieve a protected flag file, and discusses mitigation strategies for developers.

CVE-2024-34351 · Vulnerability Exploitation · host-header
0 likes · 11 min read
Laravel Tech Community
Oct 11, 2022 · Information Security

Label Studio <1.6.0 SSRF Vulnerability (CVE‑2022‑36551)

Label Studio versions prior to 1.6.0 contain an SSRF flaw that allows authenticated users to access arbitrary files on the server via the data import module, with self‑registration enabled by default, and a proof‑of‑concept exploit is publicly available.

CVE-2022-36551 · Label Studio · PATCH
0 likes · 3 min read
Laravel Tech Community
Feb 6, 2022 · Information Security

Understanding and Exploiting HTTP Host Header Attacks

This article explains the purpose of the HTTP Host header, how Host header attacks arise when the header is trusted or altered, demonstrates exploitation techniques such as modifying, duplicating, or injecting alternative header fields, and provides mitigation strategies to protect web applications.

Attack Techniques · HTTP Host header · Web Vulnerability
0 likes · 19 min read
Programmer DD
Jan 14, 2022 · Information Security

Exploiting HTTP Host Header: From Password Reset Poisoning to SSRF

This article explains the purpose of the HTTP Host header, how Host header attacks work, methods to discover and exploit them—including password‑reset poisoning, cache poisoning, access‑control bypass, and SSRF—and provides practical mitigation techniques for developers and security teams.

HTTP Host header · cache poisoning · password reset poisoning
0 likes · 20 min read
Laravel Tech Community
Mar 12, 2021 · Information Security

Exploiting a High‑Risk SSRF Vulnerability in a Financial Crowdsourcing Web Application

The article details a step‑by‑step penetration test of a seemingly empty financial web application, describing how hidden JavaScript files and a discovered /xxxapi/file/pdf/view endpoint were leveraged to craft an SSRF payload that accessed internal services such as Elasticsearch, illustrating practical web security exploitation techniques.

JavaScript analysis · Vulnerability Discovery · penetration testing
0 likes · 7 min read
System Architect Go
Mar 6, 2021 · Information Security

Understanding and Exploiting HTTP Host Header Attacks

This article explains how misconfigured HTTP Host headers can be abused for attacks such as cache poisoning, SSRF, password‑reset poisoning and other server‑side exploits, and provides practical detection methods and defensive recommendations for developers and security engineers.

HTTP · Vulnerability · cache poisoning
0 likes · 26 min read
System Architect Go
Mar 1, 2021 · Information Security

Server-side Request Forgery (SSRF)

This article explains what server‑side request forgery (SSRF) is, describes its impact, common attack vectors such as targeting the server itself or internal services, outlines bypass techniques for blacklist and whitelist filters, and discusses blind SSRF detection using out‑of‑band methods.

information security · out‑of‑band · payload
0 likes · 12 min read
Programmer DD
Nov 12, 2020 · Information Security

Uncovering MySQL Exploits: From File Reads to Remote Code Execution

This article provides a comprehensive overview of common MySQL attack techniques—including client‑side arbitrary file reads, SSRF‑based data extraction, server‑side file read/write, remote code execution vulnerabilities (CVE‑2016‑6662), and authentication bypass (CVE‑2012‑2122)—and supplies practical command examples and mitigation insights.

CVE · Database Security · Exploitation
0 likes · 14 min read
Programmer DD
Oct 22, 2020 · Information Security

How Fastjson’s AutoType Bypass Enables File Read and SSRF Attacks

This article provides a detailed analysis of the recent Fastjson deserialization vulnerability, explaining how the autoType bypass can be exploited to achieve arbitrary file reads, SSRF, and other attacks by leveraging gadget classes such as AutoCloseable, and walks through the debugging process and code paths involved.

AutoType · Java · deserialization
0 likes · 10 min read
ITPUB
Feb 25, 2018 · Information Security

How CSRF Attacks Exploit Cookies and How to Defend Against Them

This article explains the mechanics of Cross‑Site Request Forgery (CSRF) attacks—including a step‑by‑step example of password‑change exploitation—lists the four essential conditions for a successful CSRF, introduces the related Server‑Side Request Forgery (SSRF) threat, and provides practical mitigation strategies for both vulnerabilities.

Attack Mitigation · CSRF · Cross-Site Request Forgery
0 likes · 9 min read