8/10
Security researchers discovered an SSRF vulnerability on Airbnb's chat endpoint by chaining a third-party open redirect in LivePerson's API with path traversal via encoded backslashes, enabling arbitrary requests from the Airbnb server. The attack exploited LivePerson's visitorWantsToChat redirect parameter and path parameter traversal to bypass intended API boundaries.
ssrf, open-redirect, chaining, path-traversal, api-security, liveperson, airbnb, javascript-analysis, endpoint-discovery
Airbnb, LivePerson, Ben Sadeghipour, Brett Buerhaus
6/10
A bug bounty hunter discovered an SSRF vulnerability via a JavaScript file parameter that allowed reading internal files (like /etc/passwd) using the file:// URL scheme, leading to a successful disclosure and bounty.
ssrf, server-side-request-forgery, file-disclosure, internal-file-read, javascript-analysis, file-scheme, endpoint-discovery, bug-bounty, web-vulnerability
Neeraj Sonaniya, unminify.com