Server-Side Request Forgery (SSRF) in chatwoot/chatwoot
Jul 5th 2021
SSRF via SVG file upload
🕵️♂️ Proof of Concept
create a new inbox, change its avatar to an SVG file with SSRF payload in it. and open the image in a new tab.