Mail.Ru: SSRF на https://target.my.com/

2017-01-21T15:54:31
ID H1:200224
Type hackerone
Reporter lalka
Modified 2017-11-07T12:34:48

Description

SSRF via submitting URL redirecting to internal resrouce to REST API method of target.my.com.

target.my.com is not currently in the Bug Bounty scope, bounty was issued due to potential impact on different services and infrastructure.