Ben Sadeghipour (@Nahamsec)

Title	Vulnerabilities	Programs	Authors
My Expense Report resulted in a Server-Side Request Forgery (SSRF) on Lyft	SSRF	Lyft	Ben Sadeghipour (@Nahamsec) Serafina (Sera) Tonin Brocious (@Daeken)
Chaining Multiple Vulnerabilities to Gain Admin Access	IDOR Account Takeover	Undisclosed	Ben Sadeghipour (@Nahamsec)
Secure Your Jenkins Instance Or Hackers Will Force You To! (Snapchat’s $5,000 Vulnerability)	RCE LFI Exposed Jenkins Instance	Snapchat	Ben Sadeghipour (@Nahamsec)
Airbnb – Web to App Phone Notification IDOR to view Everyone’s Airbnb Messages	IDOR	Airbnb	Brett Buerhaus (@Bbuerhaus) Ben Sadeghipour (@Nahamsec)
Airbnb – Ruby on Rails String Interpolation led to Remote Code Execution	RCE	Airbnb	Brett Buerhaus (@Bbuerhaus) Ben Sadeghipour (@Nahamsec)
Airbnb – Chaining Third-Party Open Redirect into Server-Side Request Forgery (SSRF) via LivePerson Chat	Open Redirect SSRF Path Traversal	Airbnb	Brett Buerhaus (@Bbuerhaus) Ben Sadeghipour (@Nahamsec)
Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities	XSS CSP Bypass	Airbnb	Brett Buerhaus (@Bbuerhaus) Ben Sadeghipour (@Nahamsec)

Page 1 of 1