WRITEUP #2805

SSRF and Account Takeover via XSS in ERPNext (0-day)

Tags: SSRF, XSS, Account takeover
by @aszx87410 (huli)
Program: ERPNext
Published: Apr 6, 2022
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://tech-blog.cymetrics.io/en/posts/huli/erpnext-ssrf-and-xss-to-account-takeover/
RELATED WRITEUPS
Self-XSS to ATO via Site Features
Tags: XSS, Self-XSS
Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!
Tags: RCE, Confusion attack
Canary Token OSS Security Audit Report (Q2 2024)
Tags: XSS, DoS
Interesting Story of an Account Takeover Vulnerability
Tags: Auth Bypass, Account takeover
Directory Traversal, SQL Injection and Server-Side Request Forgery
Tags: SQL Injection, Path traversal
