SSRF restricted to HTTP/HTML on LINE Social Plugins (https://social-plugins.line.me/)
Medium
LY Corporation
Team Summary
Official summary from LY Corporation
LINE Social Plugins (https://social-plugins.line.me/) is a service that provides LINE users with content sharing on the web. This SSRF attack was caused by bypassing the DNS verification of the parameter value received to check the page information of shared content. Attacks were only possible with the HTTP protocol, and internal web communication was limited to HTML pages. By using this, it is possible to access HTML pages among the web services provided over the HTTP protocol from the internal server.
Reported by
duahaubadao
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Server-Side Request Forgery (SSRF)
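
The summary above attributes the SSRF to a bypassed DNS verification of the shared-content URL but does not describe the bypass. The following is an added example, not LY Corporation's code: one way a link-preview fetcher can check every resolved address and pin the connection to the address it checked. The function names, hostnames and DNS records are hypothetical and constructed so the block runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

class BlockedURL(ValueError):
    """Raised when a share URL must not be fetched server-side."""

def system_resolver(host, port):
    # One lookup; the caller connects to an address returned here.
    return [ai[4][0] for ai in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)]

def is_public(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:          # scoped or malformed address: fail closed
        return False
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped     # judge ::ffff:a.b.c.d by its IPv4 form
    return ip.is_global         # False for loopback, private, link-local, ...

def pin_preview_target(url, resolver=system_resolver):
    """Return (host, ip, port) to connect to, or raise BlockedURL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise BlockedURL("scheme not allowed")
    try:
        host, port = parts.hostname, parts.port
    except ValueError:
        raise BlockedURL("bad port")
    if not host:
        raise BlockedURL("no host")
    port = port or (443 if parts.scheme == "https" else 80)
    addrs = resolver(host, port)
    # Reject if ANY record is internal: a mixed answer must not pass.
    if not addrs or not all(is_public(a) for a in addrs):
        raise BlockedURL("host resolves to a non-public address")
    # Connect to this IP (Host header / SNI = host); do not resolve again,
    # and run the same check on every redirect hop.
    return host, addrs[0], port

# Constructed DNS answers for an offline run (hypothetical names and records).
CONSTRUCTED_DNS = {
    "news.example": ["93.184.216.34"],
    "mixed.example": ["93.184.216.34", "10.0.0.5"],
    "mapped.example": ["::ffff:127.0.0.1"],
}

def constructed_resolver(host, port):
    return CONSTRUCTED_DNS.get(host, [])
```

The returned tuple is what the HTTP client should connect to; validating the hostname and then letting the client resolve it a second time leaves a gap between the check and the request.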