Revealing SSRF Exploitation in inDrive's File Storage API | Bug Bounty


Hey Security Enthusiasts!

I'm System.Exit, and today we're unraveling a recent bug bounty discovery by cypher-28 in the inDrive web application. Join me as we explore the SSRF (Server-Side Request Forgery) vulnerability found in the https://couriers.indrive.com/api/file-storage endpoint.

What is SSRF?

Before we dive in, let's briefly understand SSRF. SSRF occurs when a web application fetches a URL (or part of one) that the attacker controls, so the request is made from the server's own network position and with the server's own credentials. The server can usually reach hosts the attacker cannot, such as internal services, localhost-bound admin ports and cloud metadata endpoints, so the real targets of SSRF are typically internal. An out-of-band callback to an attacker-controlled domain (the Burp Collaborator technique used below) is how the bug is confirmed, not the ceiling of what it can do.

Summary:

Cypher-28 identified an SSRF vulnerability in the "url" parameter of inDrive's file storage API. The server fetched whatever URL was supplied in that parameter without validating its scheme or host, and returned the fetched content in its own response, so any authenticated user could make inDrive's server request a host of their choice and read the result.


Steps To Reproduce:

  1. Log in to any account as an attacker and obtain the authorization token (the endpoint requires an authenticated session).
  2. Send a crafted request to https://couriers.indrive.com/api/file-storage?url=http://va99zfc0lxpm75ogmcjhz8xij9pzdo.oastify.com.
    • Replace the "url" value with your Burp Collaborator payload or any domain you control.
  3. Observe the fetched content being returned in the response, and check for DNS and HTTP interactions in your Burp Collaborator: both confirm the request originated from inDrive's server.
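To make the root cause concrete, here is an added example (not code from the report or from inDrive) showing the vulnerable pattern beside a hardened version. `vulnerable_fetch` mirrors what the steps above describe: the `url` parameter is requested as-is. `validate_fetch_url` applies the checks a fix would need: an allowed scheme, a host allow-list, no userinfo, an allowed port, and a DNS resolution check that rejects any non-globally-routable address, which catches an allow-listed name that points inside the network. The allow-listed hosts, the fake DNS table and the fetch stub are constructed for the example so it runs offline; the `oastify.com` URL is the report's own payload.

```python
import ipaddress
import socket
from typing import Callable, Dict, List
from urllib.parse import urlparse

# Hypothetical fetch policy for a file-storage service: these names are
# assumptions for the example, not inDrive's real configuration.
ALLOWED_SCHEMES = {"https"}
ALLOWED_HOSTS = {"cdn.example.com", "storage.example.com"}
ALLOWED_PORTS = {None, 443}

Resolver = Callable[[str], List[str]]
Fetcher = Callable[[str], bytes]


def system_resolver(host: str) -> List[str]:
    """Resolve host to every A/AAAA address using the OS resolver."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def vulnerable_fetch(url: str, fetch: Fetcher) -> bytes:
    """The reported pattern: the `url` query parameter is requested unchanged."""
    return fetch(url)


def validate_fetch_url(url: str, resolver: Resolver = system_resolver) -> str:
    """Return url unchanged if it passes the policy, otherwise raise ValueError."""
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parsed.scheme!r}")
    if parsed.username is not None or parsed.password is not None:
        raise ValueError("userinfo in URL not allowed")
    host = (parsed.hostname or "").lower().rstrip(".")
    if not host:
        raise ValueError("missing host")
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"host not on allow-list: {host!r}")
    if parsed.port not in ALLOWED_PORTS:
        raise ValueError(f"port not allowed: {parsed.port}")
    addrs = resolver(host)
    if not addrs:
        raise ValueError(f"{host} did not resolve")
    # is_global is False for loopback, RFC 1918, link-local (169.254/16) and other reserved ranges.
    for addr in addrs:
        if not ipaddress.ip_address(addr).is_global:
            raise ValueError(f"{host} resolves to non-global address {addr}")
    return url


def hardened_fetch(url: str, fetch: Fetcher, resolver: Resolver = system_resolver) -> bytes:
    """Only fetch after the URL has passed validate_fetch_url."""
    return fetch(validate_fetch_url(url, resolver))


# --- constructed demo data so the example runs offline ---
_DEMO_DNS: Dict[str, List[str]] = {
    "cdn.example.com": ["93.184.216.34"],   # any globally routable address
    "storage.example.com": ["10.0.0.5"],    # allow-listed name pointing at an internal host
}


def demo_resolver(host: str) -> List[str]:
    return _DEMO_DNS.get(host, [])


def demo_fetch(url: str) -> bytes:
    """Stand-in for the HTTP client: just echoes which URL would have been requested."""
    return b"body-of:" + url.encode()


PROBES = [
    "http://va99zfc0lxpm75ogmcjhz8xij9pzdo.oastify.com",  # the report's Collaborator payload
    "https://169.254.169.254/latest/meta-data/",          # cloud metadata endpoint
    "https://cdn.example.com/file.pdf",
    "https://storage.example.com/file.pdf",
    "https://user:pw@cdn.example.com/file.pdf",
    "file:///etc/passwd",
]


def classify(url: str, resolver: Resolver = demo_resolver) -> str:
    try:
        validate_fetch_url(url, resolver)
        return "allowed"
    except ValueError as exc:
        return f"rejected: {exc}"


def run_demo() -> Dict[str, str]:
    return {u: classify(u) for u in PROBES}


if __name__ == "__main__":
    for url, verdict in run_demo().items():
        print(f"{verdict:70} {url}")
```

Two design points worth noting. The allow-list check runs before DNS, so an attacker cannot use their own domain to drive the resolver, and the DNS check still runs on allow-listed names because a legitimate hostname can be repointed at an internal address. Validation resolves the name once and the HTTP client resolves it again at connect time, so a production fix should also connect to the validated IP (or go through an egress proxy that enforces the same policy) and disable redirect following, otherwise a redirect or DNS rebinding can undo the check.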

The Request and The Response: (the request/response screenshots from the original report are not reproduced here)

Impact:

The endpoint performed no validation of the "url" parameter, so an authenticated attacker could make inDrive's server request an arbitrary URL and read the response, effectively using the server as a proxy. The report demonstrates only an outbound request to an attacker-controlled domain; it does not state whether internal hosts or metadata services were reachable, and the severity of this class of bug depends largely on that, since internal access is what turns an SSRF into data exposure or lateral movement.

inDrive's Response:

  • Bounty Reward: $2,000 transferred to cypher-28's account.
  • Bug Fixed: The vulnerability was addressed, and the status changed to Resolved within 8 days.


Certainly, @cypher-28! It's fantastic to hear that an initial remediation is in place, and the steps for reproduction are no longer functional. Your dedication to security research and responsible disclosure is commendable.

A big shoutout to all the readers for their support and engagement. Your interest in cybersecurity and bug bounty adventures is what makes our community thrive. Together, we contribute to a safer digital landscape.

Thank you for being part of this journey, and stay tuned for more exciting discoveries and insights. Your ongoing support is genuinely appreciated!

Happy hacking! 🎉🔐
