Potential SSRF in

ID H1:97395
Type hackerone
Reporter paresh_parmar
Modified 2017-03-27T13:14:03


SSRF in a project outside of the bug bounty program's scope. Although the project is out of scope, a bounty was awarded due to the problem's severity.

I reported this issue as XSS one year ago: I found a directory where one can upload SWF files (/flash_test.htm?show=upload), and I uploaded a malicious SWF file with an XSS payload. The SWF file was being uploaded to a 3rd-party domain, so it was executing there: flash_test.htm?check_file=xss.swf| Since it was executing on a 3rd-party domain, the team closed my report as N/A. At that time I forgot to check further; 3 months ago I decided to investigate more and found an SSRF here: flash_test.htm?check_file=xss.swf| and the response was received in my console. It was a limited SSRF.
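The report above turns on a `check_file` parameter whose value the server fetches and echoes back. As an added example (not code from the report or from the affected project), the following Python shows the two defensive checks a handler for such a parameter needs: treat the value as a bare file name confined to the upload directory, and, where the application genuinely must fetch from the third-party host that serves the uploads, restrict that fetch to an allowlisted HTTPS host and refuse literal IP addresses. The upload directory, the `uploads.example.net` host and both function names are assumptions constructed for this example.

```python
from __future__ import annotations

import ipaddress
import re
from pathlib import Path
from typing import Optional
from urllib.parse import urlsplit

# Hypothetical location of uploaded SWF files (constructed for this example).
UPLOAD_DIR = Path("/var/app/uploads")
ALLOWED_SUFFIXES = {".swf"}
# A bare file name: letters, digits, dot, dash, underscore. No "/", ":", "|" or spaces,
# so neither a URL nor a path escape nor a shell metacharacter can get through.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,64}")
# Hypothetical third-party host that serves the uploaded files (constructed).
ALLOWED_FETCH_HOSTS = {"uploads.example.net"}


def validate_check_file(value: str) -> Optional[Path]:
    """Return the resolved path of an uploaded file named by ``value``.

    ``None`` means the value must be rejected: it is not a plain file name,
    has the wrong extension, or resolves outside UPLOAD_DIR.
    """
    if not value or not SAFE_NAME.fullmatch(value):
        return None
    if value in {".", ".."}:
        return None
    if Path(value).suffix.lower() not in ALLOWED_SUFFIXES:
        return None
    candidate = (UPLOAD_DIR / value).resolve()
    # Containment check: the resolved file must sit directly inside the upload dir.
    if candidate.parent != UPLOAD_DIR.resolve():
        return None
    return candidate


def is_allowed_fetch_url(url: str) -> bool:
    """Decide whether a server-side fetch of ``url`` is permitted.

    Only https to an allowlisted host on the default port, with no credentials
    in the URL. Literal IP addresses are always refused, which keeps loopback,
    link-local (cloud metadata) and RFC 1918 ranges out of reach.
    """
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return False
    if parts.username or parts.password:
        return False
    try:
        port = parts.port
    except ValueError:
        return False
    if port not in (None, 443):
        return False
    host = parts.hostname.lower()
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return host in ALLOWED_FETCH_HOSTS
    return False


if __name__ == "__main__":
    for name in ("xss.swf", "xss.swf|", "../../etc/passwd", "http://127.0.0.1/x.swf"):
        print(f"check_file={name!r:28} -> {validate_check_file(name)}")
    for url in ("https://uploads.example.net/xss.swf",
                "https://169.254.169.254/latest/meta-data/"):
        print(f"fetch {url:45} -> {is_allowed_fetch_url(url)}")
```

Host allowlisting alone does not defeat DNS rebinding; the HTTP client that performs the fetch should resolve the allowlisted name once, check the resulting address against the same IP rules, and connect to that pinned address rather than resolving again.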