Nicolas Grégoire’s excellent presentation from AppSecEU 2015 on various terrifying SSRF exploits. I was thrilled to see Fastmail, and particularly Hopscotch (my image proxy), mentioned as potential targets, but then not actually feature in any of the exploits presented. I hope that means nothing of interest was found! Interestingly, I did discover after reading it that Hopscotch was actually vulnerable to a redirect attack. It only did its DNS paranoia checks on the input URL, not on the ...
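An added example, not Hopscotch's code: a proxy fetch loop that follows redirects by hand, contrasting a destination check applied only to the input URL with the same check re-run on every hop. The hostnames, addresses, stub resolver and stub HTTP layer are constructed for illustration, and re-checking each hop is an assumed mitigation, since the post does not describe the actual fix.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

# Constructed sample data: a stub resolver table and a stub origin that redirects.
DNS = {"img.example.com": ["93.184.216.34"], "intranet.example.com": ["10.0.0.5"]}
PAGES = {
    "http://img.example.com/cat.png": (200, None, b"image-bytes"),
    "http://img.example.com/go": (302, "http://intranet.example.com/status", b""),
    "http://intranet.example.com/status": (200, None, b"internal-only"),
}
REDIRECTS = {301, 302, 303, 307, 308}

def resolve(host):
    """Stub DNS lookup (hypothetical helper): returns a list of IP strings."""
    return DNS.get(host, [])

def fetch_once(url, addrs):
    """Stub for one HTTP request with automatic redirects disabled.
    A real client must connect to one of `addrs`, so that the address
    that was checked is the address that is actually used."""
    return PAGES[url]

def check_url(url):
    """Resolve the URL's host and refuse anything not globally routable."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"refused URL: {url}")
    addrs = resolve(parts.hostname)
    if not addrs or not all(ipaddress.ip_address(a).is_global for a in addrs):
        raise ValueError(f"refused destination: {url}")
    return addrs

def fetch(url, recheck_each_hop, max_hops=5):
    """Follow redirects by hand. With recheck_each_hop=False only the input
    URL is vetted (the flawed behaviour); with True every Location target
    goes through the same check before it is requested."""
    addrs = check_url(url)
    for _ in range(max_hops + 1):
        status, location, body = fetch_once(url, addrs)
        if status not in REDIRECTS or not location:
            return url, body
        url = urljoin(url, location)  # Location may be relative
        addrs = check_url(url) if recheck_each_hop else resolve(urlsplit(url).hostname)
    raise ValueError("too many redirects")
```
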