why choose aiko
why aiko
trusted by
trusted by
how it works
steps
OOB SSRF in User Profile Update
Risk:
High
Endpoint: PATCH /api/v1/user
Affected Parameter: avatar_url
Request Example:
{
"facets": {
"has_edited_notes": "[REDACTED]",
"has_captured_meeting": "[REDACTED]"
},
"email": "[REDACTED]",
"avatar_url": "http://attacker-owned-site.com/image.jpg"
}