SSRF to RCE: How I Turned a Small Bug Into a Big Paycheck
Summary
A bug bounty hunter shares an anecdote about exploiting an initial SSRF (Server-Side Request Forgery) bug that turned into an RCE (Remote Code Execution) vulnerability and a large payout.
The story details the process of finding the initial bug through testing an image processing feature that fetched images from external URLs, and then escalating the issue to an SSRF vulnerability by injecting an internal service address.
The key steps detailed are scanning for internal services, using tools like Burp Suite’s Collaborator and curl for internal service interaction, finding an RCE vulnerability, and utilizing a vulnerable npm package for remote code execution as a proof of concept.
The hunter expected a 500-1,000 payout for the initial SSRF bug, but the RCE escalation resulted in a much higher reward.