#BurpSuite #Bambda to detect Blind SSRF via OpenID Connect "request_uri" using out-of-band detection (e.g. Collaborator).
The vulnerable URL is b64-encoded and included within the canary URL.
👉 gist.github.com/lauritzh/7b3...
📚 security.lauritz-holtmann.de/post/sso-sec...
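The tagging idea from the post, sketched as an added example for triaging callbacks (this is not the code from the linked gist): the tested URL is base64url-encoded into the canary URL, so the path of a received out-of-band request can be decoded back to the endpoint that fetched it. The host `canary.example`, the path layout and both function names are assumptions made for illustration.

```python
import base64
import binascii
from urllib.parse import urlsplit

CANARY_HOST = "canary.example"  # placeholder out-of-band host (assumption)


def build_canary(tested_url: str, host: str = CANARY_HOST) -> str:
    """Return a canary URL whose path carries the tested URL, base64url-encoded."""
    token = base64.urlsafe_b64encode(tested_url.encode()).decode().rstrip("=")
    return f"https://{host}/{token}"


def recover_tested_url(interaction_path: str):
    """Decode the path of a received out-of-band HTTP request.

    Returns the tested URL, or None when the path is not one of our
    tokens (unrelated crawler hits, /favicon.ico, and so on).
    """
    token = urlsplit(interaction_path).path.strip("/")
    if not token:
        return None
    padded = token + "=" * (-len(token) % 4)  # restore stripped padding
    try:
        raw = base64.b64decode(padded, altchars=b"-_", validate=True)
        decoded = raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    # Accept only values that parse as an absolute http(s) URL.
    parts = urlsplit(decoded)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return decoded


if __name__ == "__main__":
    # Constructed sample: an authorization request observed in proxy history.
    seen = "https://idp.example/authorize?client_id=abc&scope=openid"
    canary = build_canary(seen)
    print(canary)
    print(recover_tested_url(urlsplit(canary).path))
```
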