LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

Email Template Draft Feature Triggers SSRF, Earns ¥3000!

7 months ago 50
BOOK THIS SPACE FOR AD
ARTICLE AD

Xiaodong

Hello hackers,

I’m a bounty hunter from China, and today I’m sharing a bounty project I encountered domestically. Due to confidentiality, I cannot disclose any specific information about it.

The target was an e-commerce management system.

After exploring its various features, I noticed an interesting one — email marketing.

It allows users to create new templates, which was my main testing focus.

When I casually filled in the template content and clicked ‘save draft’, pay attention to the data packet.

Did you notice anything?

Perhaps you noticed the templateId.

Yes, I tested the templateId parameter, trying to modify it to a different ID, and found that the backend…

Read Entire Article
  3. Email Template Draft Feature Triggers SSRF, Earns ¥3000!

Related

Finding Low-Hanging Bugs: A Practical Guide with Commands

Finding Low-Hanging Bugs: A Practical Guide with Commands

30 Best Hacking Prompts

30 Best Hacking Prompts

The More Confident You Are About Your Testing, The Bigger the Bug You Missed

The More Confident You Are About Your Testing, The Bigger the Bug You Missed

8 Shocking Ways to Protect Your Identity Online

8 Shocking Ways to Protect Your Identity Online

JS Review and Abuse GraphQL Result 10xBAC + Admin Panel ATO

JS Review and Abuse GraphQL Result 10xBAC + Admin Panel ATO

How I abled to get users/admins PII Disclosure

How I abled to get users/admins PII Disclosure

Trending

1. Hardik Pandya
2. New Zealand vs England
3. Maharashtra CM Eknath Shinde
4. Yeh Rishta Kya Kehlata Hai
5. Moana 2
6. Syed Mushtaq Ali Trophy
7. Urvil Patel
8. Liverpool vs Real Madrid
9. Gautam Adani Group
10. South Africa vs Sri Lanka

Popular

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Autodesk Revit 2023 R1 Build 23.0.11.19 (x64) Multilingual + Crack

Autodesk Revit 2023 R1 Build 23.0.11.19 (x64) Multilingual + Crack

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved