Snapchat awards $4000 bug bounty to researchers for discovering SSRF vulnerability


    Snapchat recently awarded $4000 to a group of security researchers who found a server-side request forgery (SSRF) vulnerability in Snapchat’s ad platform. SSRF is a category of web security vulnerability in which an attacker induces a server to make requests on their behalf, letting them act on data they could not otherwise access directly.

    “Using this they can mint tokens for the service-account assigned to the instance hosting the Chrome instances used for extracting webpages assets for media projects,” reported Snapchat in a write-up on Hackerone.

    The team included Brett Buerhaus, Sera Brocious, and Ben Sadeghipour. Sadeghipour and Brocious discovered the vulnerability after noticing strange behavior in the creative application’s import process while looking through Snapchat’s ad site. The team showed that an SSRF flaw in the messaging app’s Ads Manager platform provided a means to exfiltrate data from its internal endpoints.
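
A destination check that an asset importer like the one described above could run before fetching a user-supplied URL, as an added example (not Snapchat's code and not taken from the HackerOne write-up). It assumes the internal endpoints sit on non-public addresses, which the article does not specify; `check_import_url`, `sample_resolver` and the DNS answers are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed DNS answers so the example runs offline (not real records).
SAMPLE_DNS = {
    "cdn.example.com": ["93.184.216.34"],
    "internal-alias.example": ["169.254.169.254"],  # public name, link-local target
    "mixed.example": ["93.184.216.34", "10.0.0.5"],  # one public, one private answer
}

def sample_resolver(host):
    """Offline stand-in for DNS: IP literals map to themselves."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return SAMPLE_DNS.get(host, [])

def system_resolver(host):
    """Real resolver: every address the name maps to (needs network access)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def is_public(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it cannot hide an internal IPv4.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global  # False for loopback, private, link-local, reserved

def check_import_url(url, resolver=system_resolver):
    """Return (allowed, reason, pinned_ips) for a user-supplied import URL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed", []
    if not parts.hostname:
        return False, "no host", []
    try:
        ips = resolver(parts.hostname)
    except OSError:
        ips = []
    if not ips:
        return False, "resolution failed", []
    # Reject if ANY answer is internal: the fetcher may connect to any of them.
    blocked = [a for a in ips if not is_public(a)]
    if blocked:
        return False, "resolves to non-public address " + blocked[0], []
    # The fetcher must connect to these exact addresses rather than re-resolve.
    return True, "ok", ips
```

The same check has to be applied to every redirect hop and to each subresource a headless browser loads, not only to the first URL.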
