<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
	<channel>
		<title>Oast on Crusader Research</title>
		<link>https://crusaderproxy.com/research/en/tags/oast/</link>
		<description>Recent content in Oast on Crusader Research</description>
		<generator>Hugo</generator>
		<language>en-US</language>
		
		
		
		
			<lastBuildDate>Sun, 05 Jul 2026 00:00:00 +0000</lastBuildDate>
		
			<atom:link href="https://crusaderproxy.com/research/en/tags/oast/index.xml" rel="self" type="application/rss+xml" />
			<item>
				<title>SSRF past the easy filters: URL-parser confusion and the metadata endpoint</title>
				<link>https://crusaderproxy.com/research/en/posts/ssrf-past-the-easy-filters/</link>
				<pubDate>Sun, 05 Jul 2026 00:00:00 +0000</pubDate>
				<guid>https://crusaderproxy.com/research/en/posts/ssrf-past-the-easy-filters/</guid>
				<description>&lt;p&gt;Server-side request forgery is one of the few bug classes where a single finding hands you cloud credentials. The mechanic is trivial to state — you make a server fetch a URL you control — and every write-up stops there, which is exactly why they&amp;rsquo;re useless. The tutorial payload, &lt;code&gt;http://169.254.169.254/&lt;/code&gt; pasted into a URL field, has been blocklisted everywhere. The reason SSRF is still one of the most productive bug classes in 2026 isn&amp;rsquo;t that developers forgot to filter. It&amp;rsquo;s that &lt;strong&gt;their filter and their HTTP client read the URL differently, and you live in the gap.&lt;/strong&gt;&lt;/p&gt;</description>
			</item>
	</channel>
</rss>
