An overlooked parameter leads to a critical SSRF in Dropbox bug bounty program
Subscribe to BBRE Premium: https://bbre.dev/premium ($20 OFF with code BIRTHDAY)
✉️ Sign up for the mailing list: https://bbre.dev/nl
Follow me on Twitter: https://bbre.dev/tw
This video is an explanation of an SSRF found by Harsh Jaiswal in the HelloSign application, which is in scope of the Dropbox bug bounty program. The vulnerability existed in the Google Drive integration and allowed a takeover of the HelloSign server. The bug was awarded a bounty of over $17.5k.
Get $100 in credits for Digital Ocean: https://bbre.dev/do
Report: https://github.com/httpvoid/writeups/blob/main/Hacking-Google-Drive-Integrations.md
Reporter’s Twitter: https://twitter.com/httpvoid0x2f
Timestamps:
00:00 Intro
01:05 HelloSign’s integration with Google Drive
03:26 How to get an SSRF while only controlling request path?
06:16 How you should look for this bug