You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I understand that you may be using your own server to serve the downloadUrl url, but I'm still not following how that server of yours can receive the SSRF header value.
Any chance you could clarify it please?
The text was updated successfully, but these errors were encountered:
I find it hard to understand which component reads your custom
SSRFheader introduced here https://github.com/httpvoid/writeups/blob/main/Hacking-Google-Drive-Integrations.md#private-programs-partial-read-ssrf. You are using request smuggling (pipelining) but both requests, the original one as well as the extra one you are injecting, will hithttp://www.googleapis.com/.I understand that you may be using your own server to serve the
downloadUrlurl, but I'm still not following how that server of yours can receive theSSRFheader value.Any chance you could clarify it please?
The text was updated successfully, but these errors were encountered: