How we chained a blind SSRF vulnerability with an IDOR in a SaaS platform's internal API to read files belonging to arbitrary tenants — and collected a $25,000 bug bounty.