Hackfest 2015: Nicolas Grégoire presented "Server Side Browsing"

Published on Nov 26, 2015

Talk Description:
SSRF vulnerabilities (aka CWE-918) allow attackers to submit arbitrary URLs to vulnerable applications, and have the application (or one of its components) browse these URLs. The talk describes my latest findings regarding this narrow field of AppSec. Of course, being under NDA during my penetration tests, I'll only be covering bugs reported to bounty programs. That includes Yahoo, Facebook, Prezi, PayPal, Stripe, CoinBase, and more!

Highlights: I was able to compromise some large service providers and earned around $50,000 for that. Several blacklists were bypassed using little-known quirks in the parsing of URLs.

Presented by:
Hackfest communication - http://www.hackfest.ca
