Blind SSRF on Gofundme.com

Disclosed by
Mr404ntf's avatar
Mr404ntf
  • Engagement Undisclosed
  • Disclosed date about 4 years ago
  • Priority P4 Bugcrowd's VRT priority rating
  • Status Resolved This vulnerability has been accepted and fixed
Summary by customer

We put out our release today, feel free to disclose

Summary by Mr404ntf

blind ssrf

Activity
  1. DK’s avatar
    DK Customer published the disclosure report

    ()

  2. DK’s avatar
    DK Customer changed the state to Resolved

    ()

  3. Mr404ntf’s avatar
    Mr404ntf sent a message

    ()

  4. DK’s avatar
    DK Customer sent a message

    ()

  5. DK’s avatar
    DK Customer sent a message

    ()

  6. Mr404ntf’s avatar
    Mr404ntf requested disclosure

    ()

  7. Mr404ntf’s avatar
    Mr404ntf sent a message

    ()

  8. sophie_bugcrowd’s avatarbugcrowd logo
    sophie_bugcrowd sent a message

    ()

  9. sophie_bugcrowd’s avatarbugcrowd logo
    sophie_bugcrowd marked the submission a duplicate of a previously submitted report

    ()

  10. sophie_bugcrowd’s avatarbugcrowd logo
    sophie_bugcrowd changed the state to Unresolved

    ()

  11. sophie_bugcrowd’s avatarbugcrowd logo
    sophie_bugcrowd updated VRT to Broken Access Control (BAC) > Server-Side Request Forgery (SSRF) > External

    ()

  12. Mr404ntf’s avatar
    Mr404ntf created the submission

    ()