BLIND SSRF in *.stripe.com due to Sentry Misconfiguration

Here is the story , before we doing pentesting we should know our target using any third party service. i dont know about Sentry or what it is, so i dont give a damn about it. iam just using my social media account to get update on what happen in Information Security as example in my twitter , i follow some good information about HackerOne Community to still update my information about what service/application which vulnerable to some CVE :

And at one time HackerOne disclosed bug about their Sentry Misconfiguration , here is the report

https://hackerone.com/reports/374737/

If u ask me what happen in that report submitted by Ruvlol , i dont know what impact if we further research about that issue, because i just reproduce that issue in another company like STRIPE Inc. Because i know Stripe using Sentry to handling error HTTP response, and they run a BugBounty Program , i reproduce this issue and here is what happen

After that i reported this issue to their security team

https://stripe.com/docs/security/stripe

Here is ..

ululululululululuulluu~

Timeline
04–08–18 Bug Reported
14–09–18 Awarded by Stripe

Conclusion

READ THE FUCKING MANUAL KIDZ !

https://hackerone.com/reports/374737/