Hello peoples, I’m Muhammad Julfikar Hyder from Bangladesh back again with my first bounty story today. You can also read my previous blog from here How I hacked LINE’s bucket.
It was 09/24/2019 I was newbie at bug bounty hunting, though I’m still newbie there! Whatever, let’s enter the story.
Today I gonna share about the SSRF vulnerability. Let’s know what is SSRF. Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker’s choosing.
Okay, When I just started my hacking life, I liked to test random websites to improve my skill because I was not enough for test on a platformed website. I took a Bangladeshi well known E-Commence website for my testing. I just started an got a request like this.
I became very strange! It was working! The response was like this!
The request was loading file from third party domains!
Then I started to think what can I do more, what can I do more! Because I had no IP logger that I can check the SSRF clearly! I fired up MY little buddy Command Prompt and took the IP of my target domain with the command ‘ping targetsite.com’.
I again changed the request like this,
I changed the URL with Iplocation got the domain’s IP at the response!
SSRF confirmed again!
The site had no bug bounty program, but I reported them politely and they awarded me with 10000৳ which was unexpected even they didn’t have any bounty program! 😀 !
Additional resource: https://www.wizcase.com/tools/whats-my-ip/