Uber: [usuppliers.uber.com] - Server Side Request Forgery via XXE OOB
It was possible to determine open internal ports on an usuppliers.uber.com server, via examination of different error messages to a specific POST request made with various payloads. This error message discrepancy would allow an attacker to discover open internal ports, potentially allowing more...