Hello guys, this is my first write-up and I would like to share it with the bug bounty community, it’s a SSRF I found some months ago.
DownNotifier is an online tool to monitor a website
downtime. This tool sends an alert to registered email and sms when the website
is down.
DownNotifier has a BBP on Openbugbounty, so I decided to take a look on https://www.downnotifier.com. When I browsed to the website, I noticed a text field for URL and SSRF vulnerability quickly came to mind.