Day 48 comes with an SSRF found by nahamsec and an XSS filter bypass in namecheap.
SSRF in Lyft by Nahamsec
From Rajesh Ranjan. Today I want to talk about an interesting SSRF issue discovered by Nahamsec on Lyft.
There is an interesting video on Stok's YouTube channel in which you can see how nahamsec discovered this vulnerability live. Check out the video here.
HackerOne report: https://hackerone.com/reports/885975
Payloads to bypass XSS filters
There are a lot of payloads for bypassing different filters and firewalls when attempting an XSS attack. In this case the XSS was against namecheap.com, but the firewall was blocking the usual payloads.
Which payload gets past the firewall and the HTML encoding depends on factors such as where the injected input lands in the page and what kind of HTML tag surrounds it. In this case the injection point was inside an <a> tag. Therefore, the payload was the following.
Full write-up here.
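The namecheap payload itself is not reproduced on this page. As an added example, not from the original post, the namecheap report or Namecheap's own code, the Node.js script below shows the general point the paragraph makes: the same input is harmless in one context and live in another, and HTML-entity encoding, which many filters stop at, does nothing for an href sink because a string like javascript:alert(1) contains no character that encoding touches. The template, the entity decoder that stands in for the browser, the scheme allowlist and the sample inputs are all constructed for this illustration, and Node's WHATWG URL parser is used as a stand-in for how a browser resolves the attribute value.

```javascript
"use strict";
// Added example, not from the original write-up or the namecheap report.
// Shows why HTML-encoding the input is not enough when the injection point is
// the href of an <a> tag, and what a context-aware check looks like instead.
// Everything below (template, filter, sample inputs) is constructed for illustration.

// Minimal HTML-entity encoder: this is as far as many "XSS filters" go.
function htmlEncode(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable sink: encoded input placed straight into an href attribute.
function renderLinkVulnerable(url) {
  return `<a href="${htmlEncode(url)}">open</a>`;
}

// Approximation of what a browser does with the rendered markup: take the href
// attribute, decode the entities htmlEncode produced, then parse the result with
// the WHATWG URL algorithm (Node's URL follows it, including stripping tabs,
// newlines and leading/trailing spaces) to see which scheme would actually run.
function resolvedScheme(html) {
  const m = html.match(/href="([^"]*)"/);
  if (!m) return null;
  const raw = m[1]
    .replace(/&quot;/g, '"')
    .replace(/&#39;/g, "'")
    .replace(/&lt;/g, "<")
    .replace(/&gt;/g, ">")
    .replace(/&amp;/g, "&");
  try {
    return new URL(raw, "https://example.invalid/").protocol;
  } catch {
    return null;
  }
}

// Hardened sink: parse first, allowlist the scheme, then encode for the attribute.
function renderLinkSafe(url) {
  let parsed;
  try {
    parsed = new URL(String(url), "https://example.invalid/");
  } catch {
    return `<a href="#">open</a>`;
  }
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
    return `<a href="#">open</a>`;
  }
  return `<a href="${htmlEncode(parsed.href)}">open</a>`;
}

// Constructed sample inputs. The first is harmless; the rest reach the
// javascript: scheme even though none of them contains < > " ' or &,
// so htmlEncode leaves every one of them untouched.
const samples = [
  "https://example.com/page",
  "javascript:alert(document.domain)",
  "  JAVASCRIPT:alert(1)", // leading spaces and case are normalised by the URL parser
  "java\tscript:alert(1)", // a tab inside the scheme is stripped by the URL parser
];

// Returns, per sample, the scheme the browser would resolve for each sink.
function demo() {
  return samples.map((s) => ({
    input: s,
    vulnerable: resolvedScheme(renderLinkVulnerable(s)),
    hardened: resolvedScheme(renderLinkSafe(s)),
  }));
}

console.table(demo());
```

Run it with node; the table shows the vulnerable sink resolving to javascript: for three of the four inputs while the hardened one never does. The design choice worth copying is that the check is on the parsed scheme, not on the raw string: a blocklist for the literal text "javascript:" would still be beaten by the whitespace and case variants above, which is exactly the kind of context-dependent trick filter bypasses rely on.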