SSRF on music.line.me through getXML.php
High
L
LY Corporation
Submitted None
Team Summary
Official summary from LY Corporation
The reporter found an endpoint through which limited SSRF could be achieved. It was only possible to issue GET requests served over HTTPS. LFI was not possible. The maximum impact found for this issue was minor service disruption and/or limited information leakage.
Actions:
Reported by
hahwul
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Server-Side Request Forgery (SSRF)