HX-3014 Owning the Cloud through SSRF – Service-Side Request Forgery

Presented at Texas Cyber Summit 2019, Oct. 10, 2019, 2:15 p.m. (60 minutes)

With so many applications now running in the cloud, compromising these instances can come down to a single vulnerability caused by unsanitized user input. In this talk, we’ll discuss a number of different methods that helped us exfiltrate data from different applications using Server-Side Request Forgery (SSRF). Using these methods, we were able to hack some of the major transportation, hospitality, and social media companies and make $50,000 in rewards in 3 months.

Topics covered:

  • What is Server-Side Request Forgery (SSRF)?
  • What can you do with it?
  • How do you prevent it?
  • SSRF via URI Schemes
  • JIRA SSRF (CVE-2017-9506)
  • Jenkins SSRF (CVE-2018-1000600)
  • SSRF via JavaScript (XSS)
  • SSRF via Styling
  • SSRF using <link rel="attachment"> (PDF Gen ‘0day’)
  • SSRF via DNS Rebinding
  • Bonus: RCE via ERB Template Injection
  • SSRFTest (Tool)

Presenters:

  • Ben Sadeghipour / NahamSec - HackerOne
    Ben is the Head of Hacker Operations at HackerOne by day, and a streamer and hacker by night. He has helped identify and exploit over 600 security vulnerabilities across hundreds of web and mobile applications for companies such as Yahoo, Airbnb, Snapchat, the US Department of Defense, Yelp, and more. He has also invested time in the security community by creating a community of 200+ active hackers who share ideas and their experiences, and has held free workshops and training sessions to teach others about security and web application hacking.
