Bug Bounty

• Lorsrf

  2025-05-10

  Lorsrf 🛰️

  Lorsrf is a fast, efficient CLI tool written in Rust designed to discover HTTP parameters that are vulnerable to Server-Side Request Forgery (SSRF) attacks and out-of-band resource loading vulnerabilities.

  Overview

  SSRF vulnerabilities occur when an application makes requests to external resources based on user-controlled input without proper validation. These vulnerabilities can lead to:

  • Internal network reconnaissance
  • Cloud metadata access (AWS, Azure, GCP)
  • Port scanning of internal services
  • Reading local files via file:// protocol
  • Bypassing firewalls and access controls

  Key Features

  🚀 High Performance

• Legacy SDK Flaws Cause Stored XSS and Account Takeover

  2025-03-14

  

  —

  Alright, let me tell you a fun story about how a casual day of hunting bugs turned into a serious jackpot — all thanks to some forgotten open source library!

  It started like any other day: coffee ready, Burp Suite fired up, and enthusiasm maxed out. I was testing a cool AI-driven reporting/training platform over at example.ai.

  These folks were pretty solid when it came to securing their main endpoints; my usual payloads and tests didn’t reveal much initially. However, the moment I stumbled onto their /reports page, my curiosity went through the roof. This page was super interactive—it allowed users to create detailed, professional-looking reports with graphs, charts, images, markdown support, etc ..