How I found the $1,500 SSRF in the Stripe bug bounty program
The presentation is not yet available on YouTube; I’ll link it as soon as it’s published.
This video is an explanation and step-by-step walkthrough of how I found a domain denylist bypass in smokescreen, which could lead to an SSRF. The Stripe bug bounty program rewarded the bug with $1,500.
Timestamps:
00:00 Intro
00:22 It’s the best time to join BBRE Premium!
00:53 What is smokescreen?
01:46 Why did I choose this bug bounty target?
02:30 My testing methodology
04:44 The trailing dot domain bypass
07:12 The impact