Subscribe to BBRE Premium: https://bbre.dev/premium
✉️ Sign up for the mailing list: https://bbre.dev/nl
The presentation is not yet available on YouTube; I’ll link it as soon as it’s published.
Follow me on Twitter: https://bbre.dev/tw

This video is an explanation and step-by-step walkthrough of how I found a domain denylist bypass in smokescreen that could lead to SSRF. The bug was rewarded with $1,500 by the Stripe bug bounty program.

Get $100 in credits for Digital Ocean: https://bbre.dev/do


00:00 Intro
00:22 It’s the best time to join BBRE Premium!
00:53 What is smokescreen?
01:46 Why did I choose this bug bounty target?
02:30 My testing methodology
04:44 The trailing dot domain bypass
07:12 The impact
