Snapchat awards $4000 bug bounty to researchers for discovering SSRF vulnerability


    Snapchat recently awarded $4000 to a group of security researchers who found a server-side request forgery (SSRF) vulnerability in Snapchat’s ad platform. SSRF is a class of web security vulnerability in which an attacker causes a server to make requests on the attacker’s behalf, reaching data or services that the attacker cannot access directly.

    “Using this they can mint tokens for the service-account assigned to the instance hosting the Chrome instances used for extracting webpages assets for media projects,” reported Snapchat in a write-up on HackerOne.

    The team included Brett Buerhaus, Sera Brocious, and Ben Sadeghipour. Sadeghipour and Brocious discovered the vulnerability after noticing strange behavior in the import process of the creative application while looking through Snapchat’s ad site. The team showed that an SSRF flaw in the messaging app’s Ads Manager platform provided a means to exfiltrate data from its internal endpoints.
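
A server-side fetcher like the asset importer described above can refuse internal destinations before it requests anything. The Python below is an added example, not Snapchat's code or anything from the HackerOne write-up; the function names, the sample hostnames and their DNS answers are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed DNS answers (hypothetical hosts) so the example runs offline.
SAMPLE_DNS = {
    "assets.example": ["93.184.216.34"],
    "mixed.example": ["93.184.216.34", "10.0.0.5"],
    "meta.example": ["169.254.169.254"],
}

def sample_resolver(host, port):
    """Stand-in for DNS; IP literals resolve to themselves."""
    if host in SAMPLE_DNS:
        return SAMPLE_DNS[host]
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        raise OSError("unknown host") from None

def system_resolver(host, port):
    """Real lookup: every address the name currently resolves to."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0].split("%")[0] for info in infos})

def is_public(addr):
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 so ::ffff:10.0.0.5 is judged as 10.0.0.5.
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    # is_global is False for loopback, private and link-local (169.254.0.0/16).
    return ip.is_global

def check_fetch_target(url, resolver=system_resolver):
    """Return (allowed, reason, addresses the fetcher should connect to)."""
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False, "malformed URL", []
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False, "scheme or host not allowed", []
    try:
        addrs = resolver(parts.hostname, port)
    except OSError:
        return False, "resolution failed", []
    blocked = [a for a in addrs if not is_public(a)]
    if blocked or not addrs:
        return False, "non-public address: " + ", ".join(blocked), []
    return True, "ok", addrs
```

The check has to be repeated for every redirect hop, and the fetcher should connect to the returned addresses rather than resolve the name a second time.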
