Chaturbate: Blind SSRF on image proxy camo.stream.highwebmedia.com

2018-07-22T12:50:22
ID H1:385178
Type hackerone
Reporter jaykpatel
Modified 2018-09-20T00:05:20

Description

The hacker discovered that our secure image proxy, camo.stream.highwebmedia.com, could be used to access HTTP(S) endpoints on internal IPs. The application was patched to disallow access to internal IPs. In this case, these servers are in a separate cluster with no access to other services, so possible exploitation was limited.
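
One way an image proxy can refuse internal destinations, as an added example (this is not the patch described in the report, nor the proxy's own code). The function names, the hostnames and the DNS answers in `CONSTRUCTED_DNS` are all hypothetical and constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed sample DNS answers (hypothetical hosts) so the check runs offline.
CONSTRUCTED_DNS = {
    "img.example": ["93.184.216.34"],               # public only
    "meta.example": ["169.254.169.254"],            # link-local
    "rebind.example": ["93.184.216.34", "10.0.0.5"],  # mixed public/private
    "mapped.example": ["::ffff:127.0.0.1"],         # IPv4-mapped loopback
}

def constructed_resolver(host, port):
    return CONSTRUCTED_DNS.get(host, [])

def system_resolver(host, port):
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def is_internal(addr):
    """True for any address the proxy should refuse to fetch from."""
    ip = ipaddress.ip_address(addr)
    # Unwrap ::ffff:a.b.c.d so a mapped private IPv4 is judged as IPv4.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_multicast or not ip.is_global

def vet_proxy_target(url, resolve=system_resolver):
    """Return the one IP the proxy may connect to, or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("only absolute http(s) URLs are proxied")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    addrs = resolve(parts.hostname, port)
    if not addrs:
        raise ValueError("host did not resolve")
    # Reject if ANY answer is internal; a mixed answer set must not pass.
    bad = [a for a in addrs if is_internal(a)]
    if bad:
        raise ValueError("refusing internal address " + bad[0])
    # The caller connects to this exact IP instead of resolving again, and
    # repeats this check on every redirect Location before following it.
    return addrs[0]
```

Because the proxy is blind, the check has to run on the resolved addresses before any connection is made; filtering on the hostname string alone misses names that point at internal ranges.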