Mail.ru: OOB XXE

2019-09-08T06:00:19
ID H1:690387
Type hackerone
Reporter johndoe1492
Modified 2019-10-11T14:10:31

Description

Limited XXE in XML request processing led to the possibility of blind SSRF. An OOB XXE on one of the Ext. B Mail.ru domains could be exploited as blind SSRF.