LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

Email Template Draft Feature Triggers SSRF, Earns ¥3000!

2 weeks ago 23
BOOK THIS SPACE FOR AD
ARTICLE AD

Xiaodong

Hello hackers,

I’m a bounty hunter from China, and today I’m sharing a bounty project I encountered domestically. Due to confidentiality, I cannot disclose any specific information about it.

The target was an e-commerce management system.

After exploring its various features, I noticed an interesting one — email marketing.

It allows users to create new templates, which was my main testing focus.

When I casually filled in the template content and clicked ‘save draft’, pay attention to the data packet.

Did you notice anything?

Perhaps you noticed the templateId.

Yes, I tested the templateId parameter, trying to modify it to a different ID, and found that the backend…

Read Entire Article
  3. Email Template Draft Feature Triggers SSRF, Earns ¥3000!

Related

My First Verified Bug Bounty: Unmasking Flaws in University Web Apps

My First Verified Bug Bounty: Unmasking Flaws in University Web Apps

How I Bypass CSP that allow a iframe injection in a chat bot + HTML injection on emails

How I Bypass CSP that allow a iframe injection in a chat bot + HTML injection on emails

Harnessing the Power of Crowd-Sourced Security

Harnessing the Power of Crowd-Sourced Security

My Journey to the Nokia Security Hall of Fame

My Journey to the Nokia Security Hall of Fame

SSRF Bypass Techniques: A Comprehensive Guide for Security Researchers

SSRF Bypass Techniques: A Comprehensive Guide for Security Researchers

ineligible for bounty !!!

ineligible for bounty !!!

Trending

1. Bomb Threat today
2. Nithin Kamath
3. England T20 squad
4. May 1st
5. Hardik Pandya
6. Australia T20 squad
7. Maharashtra Day
8. Share market holiday
9. CBSE 10th Result 2024
10. Mayank Yadav

Popular

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved