0
Researchers discovered an SSRF vulnerability on Airbnb by chaining a third-party open redirect in LivePerson's chat integration, leveraging automated JavaScript endpoint discovery and LivePerson's visitorWantsToChat API parameter to redirect internal API requests to attacker-controlled URLs. Additionally, relative path traversal via encoded backslashes in the path parameter enabled access to non-API endpoints on the LivePerson domain.
ssrf
open-redirect
server-side-request-forgery
path-traversal
api-vulnerability
third-party-integration
liveperson
javascript-reconnaissance
endpoint-discovery
vulnerability-chaining
Airbnb
LivePerson
Ben Sadeghipour
Brett Buerhaus
0
0
vulnerability
0
0
2/10
A clickbait Medium article that claims to demonstrate how to earn $500 from an open redirect vulnerability but provides no actual technical details, methodology, or exploitation steps.
0
bug-bounty
0
bug-bounty
0
bug-bounty