Snapchat awards $4000 bug bounty to researchers for discovering SSRF vulnerability


    Snapchat recently awarded $4000 to a group of security researchers who found a server-side request forgery (SSRF) vulnerability in Snapchat’s ad platform. SSRF is a category of web security vulnerability in which an attacker induces a server to make requests on their behalf, reaching data or services that the attacker cannot access directly.

    “Using this they can mint tokens for the service-account assigned to the instance hosting the Chrome instances used for extracting webpages assets for media projects,” reported Snapchat in a write-up on Hackerone.

    The team included Brett Buerhaus, Sera Brocious, and Ben Sadeghipour. Sadeghipour and Brocious discovered the vulnerability after noticing strange behavior in the creative application’s import process while looking through Snapchat’s ad site. The team showed that the SSRF flaw in the messaging app’s Ads Manager platform provided a means to exfiltrate data from its internal endpoints.
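
A server-side importer like the one described above can refuse destinations that are not publicly routable before it fetches anything. The following Python check is an added example, not code from Snapchat or the researchers; the function names, the hostnames and the sample DNS table are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed sample DNS answers so the example runs offline.
SAMPLE_DNS = {
    "cdn.example.test": ["93.184.216.34"],
    "intranet.example.test": ["10.0.0.5"],
    "mixed.example.test": ["93.184.216.34", "169.254.10.10"],
}

def sample_resolve(host):
    """Stand-in resolver backed by SAMPLE_DNS (hypothetical data)."""
    if host not in SAMPLE_DNS:
        raise OSError("unknown host")
    return SAMPLE_DNS[host]

def system_resolve(host):
    """Real resolver: every address the OS returns for the name."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]

def is_public(addr):
    """True only for globally routable addresses; fail closed on parse errors."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    # Treat ::ffff:a.b.c.d as the IPv4 address it wraps.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global

def check_import_url(url, resolve=system_resolve):
    """Return (allowed, detail) for a user-supplied URL the server would fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        ipaddress.ip_address(host)
        addrs = [host]                      # host is already an IP literal
    except ValueError:
        try:
            addrs = resolve(host)
        except OSError:
            return False, "resolution failed"
    # Reject if the answer is empty or ANY returned address is internal.
    if not addrs or not all(is_public(a) for a in addrs):
        return False, "non-public or empty answer for " + host
    return True, addrs[0]                   # address the fetcher should pin to
```

A check like this has to be applied to every redirect and sub-resource request as well, and the fetcher should connect to the address that was validated rather than resolving the name a second time.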
