This video is an explanation of an SSRF found by Harsh Jaiswal in the HelloSign application, which is in scope of the Dropbox bug bounty program. The vulnerability existed in the Google Drive integration and allowed a takeover of the HelloSign server. The bug was awarded a bounty of over $17.5k.

00:00 Intro
01:05 HelloSign’s integration with Google Drive
03:26 How to get an SSRF while only controlling request path?
06:16 How you should look for this bug
