Critical · CVSS 9.5 · Server-Side Request Forgery (SSRF) (CWE-918)
[my.stripo.email] Blind SSRF Vulnerability in Stripo App Export via Missing Endpoints Export Email Message to Zapier
Vulnerability Summary
HackerOne disclosed report by odaysec: https://hackerone.com/reports/2932960
Introduction
Vulnerability Overview
This presentation covers a critical Blind SSRF (Server-Side Request Forgery) vulnerability identified in Stripo's export service. An SSRF flaw lets an attacker make the server issue requests of the attacker's choosing to internal or external systems, which can lead to serious security breaches. The vulnerability exists in the endpoint /exportservice/v3/exports/WEBHOOK/accounts: by supplying a malicious value in the webhookUrl parameter, an attacker can trigger the SSRF, causing the server to make unauthorized HTTP requests to attacker-controlled systems.
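A server-side check of the kind that closes this bug class, as an added example that is not Stripo's code and not part of the report: the export service validates the user-supplied webhookUrl (HTTPS only, no userinfo, and every address the host resolves to must be public) before fetching it. The DNS table and table_resolver are constructed so the check runs offline; the allowed-scheme set is an assumption.

```python
import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}  # assumption: export webhooks must be HTTPS

# Constructed DNS answers so the check can run offline; these are not real hosts.
CONSTRUCTED_DNS = {
    "hooks.example.com": {"8.8.8.8"},           # public address, accepted
    "internal.example": {"10.0.0.5"},           # RFC 1918, must be refused
    "split.example": {"8.8.8.8", "127.0.0.1"},  # one internal answer is enough to refuse
}

def table_resolver(host: str) -> Iterable[str]:
    """Offline stand-in for DNS, backed by the constructed table above."""
    return CONSTRUCTED_DNS.get(host, set())

def default_resolver(host: str) -> Iterable[str]:
    """Real resolver: every A/AAAA answer for the host."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_public_address(addr: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:10.0.0.1 as 10.0.0.1
    return ip.is_global and not ip.is_multicast

def validate_webhook_url(url: str, resolver: Callable[[str], Iterable[str]] = default_resolver) -> str:
    """Return url if every address it points at is public; raise ValueError otherwise."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("missing host")
    if parts.username or parts.password:
        raise ValueError("userinfo not allowed")
    try:  # a literal IP host (including bracketed IPv6) needs no lookup
        addrs = [str(ipaddress.ip_address(parts.hostname))]
    except ValueError:
        addrs = list(resolver(parts.hostname))
    if not addrs:
        raise ValueError("host does not resolve")
    for addr in addrs:
        if not is_public_address(addr):
            raise ValueError(f"host points at non-public address {addr}")
    return url

def is_safe_webhook_url(url: str, resolver: Callable[[str], Iterable[str]] = default_resolver) -> bool:
    """Boolean form of validate_webhook_url for callers that only need accept/reject."""
    try:
        validate_webhook_url(url, resolver)
        return True
    except ValueError:
        return False
```

The check only holds if the HTTP client then connects to the address that was validated rather than re-resolving the name (DNS rebinding), and refuses to follow redirects to other hosts.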