SSRF occurrence in website preview used by LINE Official Account Manager (https://manager.line.biz)
Low
L
LY Corporation
Submitted None
Team Summary
Official summary from LY Corporation
LINE Official Account Manager (https://manager.line.biz) uses PagePoker to provide website previews. Here it was not properly validated against the Opengraph image tag target, which could point to an internal network resource.
Actions:
Reported by
jafarakhondali
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$100.00
Submitted
Weakness
Server-Side Request Forgery (SSRF)