Reverse Proxy misroute leading to steal X-Shopify-Access-Token header
Bypass of the SSRF protection in Event Subscriptions parameter.
SSRF in Exchange leads to ROOT access in all instances
Blind SSRF on errors.hackerone.net due to Sentry misconfiguration
Unauthenticated blind SSRF in OAuth Jira authorization controller
Evaluating Ruby code by injecting Rescue job on the system_hook_push queue through web hook
Blind SSRF in emblem editor (2)
Upload profile photo from URL
Blind SSRF at https://chaturbate.com/notifications/update_push/
SVG Server Side Request Forgery (SSRF)
SSRF at iris.lystit.com
Lack of input sanitization in Marketo form leads to execution of HTML in lead emails
SSRF in api.slack.com, using slash commands and bypassing the protections.
Infrastructure - Photon - SSRF
SSRF in https://cards-dev.twitter.com/validator
SSRF in proxy.duckduckgo.com via the image_host parameter