Dark C0d3rs

Dark C0d3rs > Exploit Log > Research Papers/Vulnerability reports > HackerOne Disclosed Reports - 2025-12-01
Full Version: HackerOne Disclosed Reports - 2025-12-01
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

hashXploiter

12-02-2025, 12:30 PM
Logo
Critical
resolved

[my.stripo.email] Blind SSRF Vulnerability in Stripo App Export via Missing Endpoints Export Email Message to Zapier


Bug reported by ꦄꦤ꧀ꦢꦿꦶ was disclosed at December 1, 2025, 8:22 am   |   Server-Side Request Forgery (SSRF)

A critical Blind SSRF (Server-Side Request Forgery) vulnerability was identified in the export service of the Stripo app. The vulnerability existed in the endpoint `/exportservice/v3/exports/WEBHOOK/accounts`, where malicious input could be provided in the `webhookUrl` parameter, triggering SSRF and allowing the server to make unauthorized HTTP requests to attacker-controlled systems.


Dark C0d3rs > Exploit Log > Research Papers/Vulnerability reports > HackerOne Disclosed Reports - 2025-12-01