Uber: [usuppliers.uber.com] - Server Side Request Forgery via XXE OOB

ID H1:448598
Type hackerone
Reporter 0xd0m7
Modified 2021-02-25T22:10:16


It was possible to determine open internal ports on a usuppliers.uber.com server by examining the different error messages returned for a specific POST request sent with various payloads. This error-message discrepancy would allow an attacker to discover open internal ports, potentially enabling more targeted future attacks against the services likely running on those ports.
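The two defensive measures this finding calls for are to refuse any DTD before the parser can act on an entity declaration, and to return one uniform client-facing error so the response can no longer serve as a port oracle. The following Python is an added illustration, not code from the report or from the affected service (whose stack is not stated); function names and the sample bodies are constructed for this example.

```python
import logging
import xml.parsers.expat
from xml.etree import ElementTree as ET

log = logging.getLogger("xml-intake")

# Single opaque string for every rejection, so benign-but-malformed,
# DTD-bearing and entity-related failures are indistinguishable to the client.
GENERIC_ERROR = "invalid request body"


class DoctypeForbidden(ValueError):
    """Raised when the submitted XML carries a DOCTYPE/DTD."""


def reject_doctype(data: bytes) -> None:
    """Fail fast on any DOCTYPE. XXE, including out-of-band variants,
    requires an entity declaration, and those can only live in a DTD."""
    p = xml.parsers.expat.ParserCreate()
    # Never expand parameter entities, the usual carrier of external DTD loads.
    p.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise DoctypeForbidden(f"DOCTYPE {name!r} not allowed")

    # Fires at the start of the DOCTYPE, before any internal subset is read.
    p.StartDoctypeDeclHandler = on_doctype
    p.Parse(data, True)


def parse_request_xml(data: bytes):
    """Return (root_element, None) on success or (None, GENERIC_ERROR).

    Every failure path maps to the same string; the real reason is logged
    server-side only, which removes the error discrepancy the report relied on.
    """
    try:
        reject_doctype(data)
        return ET.fromstring(data), None
    except (DoctypeForbidden, xml.parsers.expat.ExpatError, ET.ParseError) as exc:
        log.warning("rejected XML body: %s", exc)
        return None, GENERIC_ERROR


# Constructed sample bodies for this example (not taken from the report).
BENIGN = b"<supplier><id>42</id></supplier>"
XXE_OOB = (b'<?xml version="1.0"?>'
           b'<!DOCTYPE r [<!ENTITY x SYSTEM "http://127.0.0.1:8080/">]>'
           b"<r>&x;</r>")
BROKEN = b"<r><unclosed>"
```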