Exploiting a High‑Risk SSRF Vulnerability in a Financial Crowdsourcing Web Application

The article details a step‑by‑step penetration test of a seemingly empty financial web application, describing how hidden JavaScript files and a discovered /xxxapi/file/pdf/view endpoint were leveraged to craft an SSRF payload that accessed internal services such as Elasticsearch, illustrating practical web security exploitation techniques.

JavaScript analysisSSRFWeb Security

0 likes · 7 min read

Exploiting a High‑Risk SSRF Vulnerability in a Financial Crowdsourcing Web Application

ITPUB

Sep 4, 2017 · Information Security

How I Exploited Oracle Advanced Support to Run Remote SQL via Hidden JavaScript

During an external penetration test I discovered an Oracle Advanced Support service, reverse‑engineered its JavaScript endpoints, crafted GET and POST requests to create and execute named SQL statements, and ultimately extracted database version, user information, and password hashes, highlighting a critical web‑application flaw.

API abuseJavaScript analysisOracle

0 likes · 14 min read

How I Exploited Oracle Advanced Support to Run Remote SQL via Hidden JavaScript