How To Circumvent SSRF Protection!

👩‍🎓👨‍🎓 Learn how to find server-side request forgery (SSRF) vulnerabilities. We are going to have a look at what to look out for in HTTP requests. After that, we demonstrate how an SSRF protection that the application already has in place can be circumvented.

👩‍🎓👨‍🎓 Learn how to find server-side request forgery (SSRF) vulnerabilities. We are going to have a look at what to look out for in HTTP requests. After that, we demonstrate one possible attack scenario (including Burp Suite Intruder) that you can use in your daily arsenal!

Overview:
00:00 Intro
00:31 Lab overview
00:59 What to look for?
01:44 Trying to exploit!
02:44 Different representations of localhost
03:09 Exploiting the app!
04:23 Hackvertor Tutorial
05:45 Double Encoding 4 the win
07:13 Conclusion

For more information, check out https://blog.intigriti.com/hackademy/server-side-request-forgery-ssrf/.

🔗 PortSwigger SSRF Challenge: https://portswigger.net/web-security/ssrf/lab-ssrf-with-blacklist-filter

---

🧑‍💻 Sign up and start hacking right now - https://go.intigriti.com/register

👾 Join our Discord - https://go.intigriti.com/discord

🎙️ This show is hosted by https://twitter.com/PascalSec (@Hacksplained) & https://twitter.com/intigriti

👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com/
