api-fuzzing-for-bug-bounty

skills-sh:sickn33_antigravity-awesome-skills__api-fuzzing-for-bug-bounty

View source

40/100

First Seen

Feb 18, 2026

Last Scanned

Feb 20, 2026

Findings

Score

40/100

HIGH 4

Findings (4)

HIGH

Internal IP range access SSRF_002

ssrf-cloud L210

Detects references to private/internal IP ranges in URL context

http://127.0.0.1:

FIX

Implement URL allowlisting for all outbound requests. Block requests to private IP ranges (10.x, 172.16-31.x, 192.168.x), localhost, and link-local addresses.

FP?

Likely FP if the match is a localhost URL used for local development (e.g., http://localhost:3000) in setup documentation.

HIGH

Internal IP range access SSRF_002

ssrf-cloud L218

Detects references to private/internal IP ranges in URL context

http://127.0.0.1:

FIX

Implement URL allowlisting for all outbound requests. Block requests to private IP ranges (10.x, 172.16-31.x, 192.168.x), localhost, and link-local addresses.

FP?

Likely FP if the match is a localhost URL used for local development (e.g., http://localhost:3000) in setup documentation.

HIGH

Internal IP range access SSRF_002

ssrf-cloud L513

Detects references to private/internal IP ranges in URL context

http://127.0.0.1:

FIX

Implement URL allowlisting for all outbound requests. Block requests to private IP ranges (10.x, 172.16-31.x, 192.168.x), localhost, and link-local addresses.

FP?

Likely FP if the match is a localhost URL used for local development (e.g., http://localhost:3000) in setup documentation.

HIGH

Internal IP range access SSRF_002

ssrf-cloud L522

Detects references to private/internal IP ranges in URL context

http://127.0.0.1:

FIX

Implement URL allowlisting for all outbound requests. Block requests to private IP ranges (10.x, 172.16-31.x, 192.168.x), localhost, and link-local addresses.

FP?

Likely FP if the match is a localhost URL used for local development (e.g., http://localhost:3000) in setup documentation.