You have probably read one or more blog posts about SSRFs, many being escalated to RCE. While this might be the ultimate goal, this post is about an often overlooked impact of SSRFs: application logic impact. This post will tell you the story about an unauthenticated SSRF affecting Acronis Cyber Backup up to v12.5 Build … Continue reading CVE-2020-16171: Exploiting Acronis Cyber Backup for Fun and Emails