SSRF | Reading Local Files from DownNotifier server

Hello guys, this is my first write-up and I would like to share it with the bug bounty community; it's an SSRF I found some months ago.

DownNotifier is an online tool for monitoring website downtime. It sends an alert to a registered email address and via SMS when the website is down.

DownNotifier has a bug bounty program (BBP) on Openbugbounty, so I decided to take a look at https://www.downnotifier.com. When I browsed the website, I noticed a text field for a URL, and an SSRF vulnerability quickly came to mind.
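A URL field that a server fetches on the user's behalf is exactly where SSRF lives, so the defensive counterpart to this finding is validating the URL before the monitor touches it. The following is an added example of that check, not DownNotifier's code: it allows only http/https (so `file://` and similar schemes are refused), resolves the hostname, and rejects anything that maps to a loopback, private, link-local, multicast, reserved or unspecified address. The `FAKE_DNS` table and the hostnames in it are constructed so the example runs offline; `system_resolver` is what you would use in practice.

```python
"""Allowlist-style validation of a user-supplied URL before a server-side
monitor fetches it. Added example; not DownNotifier's own code."""
import ipaddress
import socket
from urllib.parse import urlparse

# Only plain web URLs may be monitored; file://, gopher://, dict:// etc. are refused.
ALLOWED_SCHEMES = {"http", "https"}


def is_public_address(addr: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so the IPv4 rules apply to it.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (
        ip.is_private          # 10/8, 172.16/12, 192.168/16, fc00::/7, ...
        or ip.is_loopback      # 127/8, ::1
        or ip.is_link_local    # 169.254/16, fe80::/10
        or ip.is_multicast
        or ip.is_reserved
        or ip.is_unspecified   # 0.0.0.0, ::
    )


def system_resolver(host: str) -> list[str]:
    """Resolve through the OS resolver; IP literals come back unchanged."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_monitor_url(url: str, resolver=system_resolver) -> list[str]:
    """Return the resolved addresses if `url` is safe to fetch, else raise ValueError."""
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parsed.scheme!r}")
    host = parsed.hostname  # lower-cased, IPv6 brackets stripped
    if not host:
        raise ValueError("missing host")
    if parsed.username is not None or parsed.password is not None:
        # user:pass@host forms are a classic parser-confusion vector; refuse them.
        raise ValueError("credentials in URL are not allowed")
    addrs = resolver(host)
    if not addrs:
        raise ValueError(f"could not resolve {host!r}")
    bad = [a for a in addrs if not is_public_address(a)]
    if bad:
        raise ValueError(f"{host!r} resolves to non-public address(es): {bad}")
    return addrs


def is_safe_monitor_url(url: str, resolver=system_resolver) -> bool:
    """Boolean wrapper around validate_monitor_url for call sites that only need yes/no."""
    try:
        validate_monitor_url(url, resolver)
        return True
    except ValueError:
        return False


# Constructed, offline lookup table so the example runs without DNS (assumption).
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1"],
    "intranet.corp": ["10.0.0.5"],        # constructed internal hostname
    "linklocal.corp": ["169.254.10.20"],  # constructed name on a link-local address
}


def fake_resolver(host: str) -> list[str]:
    """Stand-in for system_resolver that consults FAKE_DNS (constructed)."""
    try:
        ipaddress.ip_address(host)
        return [host]  # IP literal: nothing to look up
    except ValueError:
        return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for candidate in ["https://example.com/status", "file:///example.txt",
                      "http://localhost/", "http://[::1]/", "http://intranet.corp/",
                      "http://linklocal.corp/", "http://[::ffff:127.0.0.1]/"]:
        verdict = "allowed" if is_safe_monitor_url(candidate, fake_resolver) else "refused"
        print(f"{candidate:40} -> {verdict}")
```

Two caveats a practitioner should keep in mind: validating and then fetching are two separate resolutions, so a name that changes answers between them (DNS rebinding) slips past this check unless the fetch is pinned to the addresses returned here; and any HTTP redirect the monitor follows must be run through the same validation, since the redirect target is attacker-controlled in exactly the same way as the original URL.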

How I was able to create Unauthorized Comments on Facebook Live Stream

Back in October 2018, I discovered a vulnerability on Facebook that allowed me to create unauthorized comments on live streams of people who aren't my friends and don't allow non-friends to comment on their posts.

For this vulnerability, the Facebook Security Team rewarded me with a bounty of $750, which was the first bounty I ever received.