writeups.xyz / My Expense Report resulted in a Server-Side Request Forgery (SSRF) on Lyft

Submitter : c2a

Date: 29 May 2020

Bounty : undisclosed

Vulnerabilities :

• SSRF

Programs :

• Lyft

Authors :

• Ben Sadeghipour (@Nahamsec)
• Serafina (Sera) Tonin Brocious (@Daeken)

Link :
https://www.nahamsec.com/posts/my-expense-report-resulted-in-a-server-side-request-forgery-ssrf-on-lyft