A Case Study of API Vulnerabilities - Part 2, and Empty Heads

Intro

This blog post is a more general one than my usual posts. I'll try and cover two things: an SSRF bug in an API, and a cool productivity system I use.

SSRF with Secondary Context Path Traversal

This writeup presents another thing to test for when you have a full-or-partial-read SSRF.…