The curl quirk that exposed Burp Suite and Google Chrome

1 point by albinowax_ about 2 years ago

1 comment

albinowax_ about 2 years ago

tldr: curl's --data-binary argument normally specifies arbitrary data to send to the server. However, if the argument starts with an @, curl instead treats it as a filename, and sends the file contents to the server.

This technique is likely to work on anything with 'copy as curl' functionality, and may also work on some websites with SSRF where you control a request body or header name.

I wrote this up but full credit goes to Paul Mutton for reporting it to our bug bounty program, and agreeing to let us publish the technique.
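
A defensive check for the behaviour described in the comment above, added here as an example (not code from the linked write-up, curl, or Burp Suite): it scans a pasted 'copy as curl' command for arguments that curl would load from a local file. It goes beyond `--data-binary` to curl's other `@`-aware options (`-d`, `-H`, `-F`, `--data-urlencode`); the names `audit_curl` and `reads_file`, the host and the file paths are constructed for illustration.

```python
import shlex

# Options whose value curl loads from disk when the value starts with "@".
AT_PREFIX = {"-d", "--data", "--data-ascii", "--data-binary", "-H", "--header"}
FORM = {"-F", "--form"}            # name=@file / name=<file
URLENC = {"--data-urlencode"}      # @file / name@file
OPTS = AT_PREFIX | FORM | URLENC
SHORT = {"-d", "-H", "-F"}         # short forms accept an attached value: -d@file


def reads_file(opt, val):
    """True if curl would read `val` from a local file for option `opt`."""
    if opt in AT_PREFIX:
        return val.startswith("@")
    if opt in FORM:
        return val.partition("=")[2][:1] in ("@", "<")
    # --data-urlencode: when "=" is present the content is sent literally
    return "=" not in val and "@" in val


def audit_curl(cmd):
    """Return (option, value) pairs in a curl command that read local files.

    Assumes plain POSIX quoting, without bash $'...' strings or bundled
    short flags such as -sd@file.
    """
    toks = shlex.split(cmd)
    hits, i = [], 1                # toks[0] is "curl"
    while i < len(toks):
        t, opt, val = toks[i], None, None
        if t in OPTS and i + 1 < len(toks):
            opt, val, i = t, toks[i + 1], i + 1
        elif len(t) > 2 and t[:2] in SHORT:
            opt, val = t[:2], t[2:]
        if opt and reads_file(opt, val):
            hits.append((opt, val))
        i += 1
    return hits


# Constructed sample commands (host and paths are placeholders).
SAMPLES = [
    "curl https://example.test/ --data-binary '@/tmp/constructed.txt'",
    "curl https://example.test/ --data-raw '@/tmp/constructed.txt'",
    "curl -H '@/tmp/h.txt' -d 'user=a@b' https://example.test/",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(audit_curl(s) or "ok", "<-", s)
```

Arguments passed with `--data-raw` are not flagged, because curl sends a leading `@` literally for that option.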