Dropbox: Server Side Request Forgery (SSRF) at app.hellosign.com leads to AWS private keys disclosure
The report details about a Server Side Request Forgery vulnerability that was present on the document upload through integrations feature in the HelloSign application. The vulnerability was caused due to an unvalidated external file upload through our various integration partners. The attacker...