Bug
Resolution: Unresolved
Low
None
1
Severity 3 - Minor
Issue Summary
We were recently made aware of a bypass for the webhook URL functionality that allows an attacker to send a payload with an email.
Steps to Reproduce
- Navigate to a status page that offers webhook subscriptions (ex: OpenSea: https://status.opensea.io/#updates-dropdown-webhook)
- Click the Subscribe To Updates button
- Choose the webhook option (updates-dropdown-webhook)
- Put the following payload in the Webhook URL field: https://opensea.com@_says_that_donate_some_etherreum_here//attacker@wearehackerone.com
- Enter the victim's email address and click Subscribe
Expected Results
The email sent to the subscriber does not render the user-supplied webhook URL as a clickable link.
Actual Results
The webhook URL is reflected in the email as a clickable link, and because it is attacker-controlled it can point anywhere. The payload above also abuses URL userinfo: everything before the `@` (`opensea.com`) is credentials, not the host, so the link reads as an opensea.com address while a browser would actually navigate to `_says_that_donate_some_etherreum_here`. Sent to a victim's address, the email can therefore be used for phishing.
Workaround
Customers who want to avoid this can disable webhook subscriptions on their status page.
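To make the userinfo trick concrete and to show the kind of server-side check that would reject the payload before it is reflected into an email, here is an added example (not Statuspage's code, and not code from the reporter). It uses Python's standard `urllib.parse` to recover the host a browser would really connect to and applies a hypothetical validation policy; the `hooks.example.net` URL is a constructed benign input for comparison.

```python
from typing import List, Optional
from urllib.parse import urlsplit

# Constructed inputs for this example: the payload quoted in the ticket and a benign webhook URL.
REPORTED_PAYLOAD = "https://opensea.com@_says_that_donate_some_etherreum_here//attacker@wearehackerone.com"
BENIGN_URL = "https://hooks.example.net/statuspage/abc123"


def effective_host(url: str) -> Optional[str]:
    """Return the host a browser would actually connect to.

    Per RFC 3986 the text before '@' in the authority is userinfo, not the host,
    so 'https://opensea.com@evil' connects to 'evil', not to opensea.com.
    """
    return urlsplit(url).hostname


def webhook_url_problems(url: str) -> List[str]:
    """Hypothetical validation policy for a user-supplied webhook URL.

    Returns a list of reasons to reject the URL; an empty list means it passed.
    """
    problems: List[str] = []
    parts = urlsplit(url)

    # Only plain web schemes make sense for a webhook endpoint.
    if parts.scheme not in ("http", "https"):
        problems.append(f"scheme {parts.scheme!r} not allowed")

    # A webhook must name a host to deliver to.
    if not parts.hostname:
        problems.append("missing host")

    # Userinfo lets the URL impersonate another domain when displayed; reject it outright.
    if parts.username is not None or parts.password is not None:
        problems.append("userinfo ('user@host') not allowed: it lets the URL impersonate another domain")

    # An empty path segment is not a normal webhook path and appears in the reported payload.
    if "//" in parts.path:
        problems.append("empty path segment ('//') is suspicious")

    return problems


if __name__ == "__main__":
    for candidate in (REPORTED_PAYLOAD, BENIGN_URL):
        print(candidate)
        print("  effective host:", effective_host(candidate))
        print("  problems:", webhook_url_problems(candidate) or "none")
```

Whatever validation is applied, the email itself should still show the webhook URL as plain text (or just the effective host) rather than as an anchor, since the Expected Results above are about rendering, not only about what the server accepts.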
derives
- STSPG-10804
- STSPG-10844