Hello friends. Today I want to work on a target that easily bypasses the site's authentication system and then tests an SSRF vulnerability.
Comments: 15
@sw4pn3h0x8 8 months ago
But you opened the link in your browser, so the HTTP request received is your own, not the server's
@entertainment6655 8 months ago
The SSRF was next level. 😂
@gouthamas532 4 months ago
Verification bypass is fine, but it's not an SSRF
@huzifaahmed1426 8 months ago
OTP is a serious finding, but in the SSRF the call came from your own network, not the server IP. The important thing in SSRF is the call, and it should come from the original website server
@bkg2190 8 months ago
Awesome 👍
@user-tf3gr2sd6x 6 months ago
After watching this POC I am able to do SSRF on every website.
@Avoshsecurity 6 months ago
You're welcome
@gouthamas532 4 months ago
If you follow this step for ssrf, you won't get any bounty for sure 😂 because it's not a valid way of finding ssrf
@Cyber_Sec_ 8 months ago
Nice
@vimalvinz9843 8 months ago
Great finding 👌😏
@IllIIIIIIllll 6 months ago
Wow, didn't know Slack would have that OTP verify 😂.
@Avoshsecurity 6 months ago
You're welcome
@INFINITY-GAMER7345 9 months ago
Is that you reported?
@montala3380 6 months ago
It is not vulnerable to SSRF =)) When you remove `tel` and your browser calls the Burp-collab → the IP that got recorded is yours, not Slack's. For the second SSRF it could be, because I saw 2 different IPs as well as DNS. 1 belongs to you, and the rest could be from Slack
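
The check several commenters describe (whose IP actually hit the callback host), written out as an added example that is not from the video or any commenter: it labels each recorded out-of-band interaction by source. The tester range, the sample interactions and the function names are all constructed assumptions.

```python
import ipaddress

# Constructed sample data (documentation IP ranges), not taken from the video.
TESTER_NETWORKS = ["203.0.113.0/24"]  # assumption: the tester's own egress range
SAMPLE = [
    {"protocol": "http", "source_ip": "203.0.113.7"},    # tester's browser opened the link
    {"protocol": "dns",  "source_ip": "192.0.2.53"},     # some resolver looked the name up
    {"protocol": "http", "source_ip": "198.51.100.20"},  # HTTP fetch from a third party
]

def triage(interactions, tester_networks):
    """Label each callback interaction by who most likely made the request."""
    own = [ipaddress.ip_network(n) for n in tester_networks]
    results = []
    for hit in interactions:
        src = ipaddress.ip_address(hit["source_ip"])
        if any(src in net for net in own):
            # Came from the tester's own browser or proxy: says nothing about the server.
            verdict = "self"
        elif hit["protocol"] == "dns":
            # A name lookup alone does not show that the application fetched the URL.
            verdict = "dns-only"
        else:
            # Third-party HTTP request: still has to be attributed to the target's servers.
            verdict = "candidate"
        results.append((hit["source_ip"], hit["protocol"], verdict))
    return results

def is_ssrf_evidence(interactions, tester_networks):
    """True only if at least one HTTP interaction came from outside the tester's range."""
    return any(v == "candidate" for _, _, v in triage(interactions, tester_networks))

if __name__ == "__main__":
    for row in triage(SAMPLE, TESTER_NETWORKS):
        print(row)
    print("only own browser hit:", is_ssrf_evidence(SAMPLE[:1], TESTER_NETWORKS))
    print("all three hits:", is_ssrf_evidence(SAMPLE, TESTER_NETWORKS))
```

A "candidate" verdict is only a starting point: the source address still has to be shown to belong to the application's own infrastructure before the report holds up.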