Snapchat recently gave a reward of $4000 to a group of security researchers after they were successful in finding a server-side request forgery (SSRF) vulnerability in Snapchat’s ad platform. SSRF is a category of web security vulnerability where an attacker hampers the working of servers to execute actions on data that can’t be accessed by them directly otherwise.
“Using this they can mint tokens for the service-account assigned to the instance hosting the Chrome instances used for extracting webpages assets for media projects,” reported Snapchat in a write-up on Hackerone.
The team included Brett Buerhaus, Sera Brocious, and Ben Sadeghipour. Sadeghipour and Brocious discovered the vulnerability after they witnessed strange behavior in the import process of the creative application in the process of looking through Snapchat’s ad site. The team was successful in revealing that an SSRF shortcoming in the messaging app’s Ads Manager platform developed a means to exfiltrate data from its internal endpoints.