What functionalities are most often vulnerable to SSRFs? Case study of 124 bug bounty reports




📧 Subscribe to BBRE Premium: https://ift.tt/sZSq8tQ
The blog post with the case study methodology: https://bbre.dev/ssrfs
✉️ Sign up for the mailing list: https://bbre.dev/nl
📣 Follow me on Twitter: https://bbre.dev/tw

I pulled 361 bug bounty reports from the web to make a case study and see how people are making money with SSRFs. From this video, you can learn which functionalities are most often vulnerable to Server-Side Request Forgery in these disclosed reports, along with some of my opinions on which of them will become more popular in the coming years.

Mentioned videos:
$12,000 Grafana SSRF in GitLab: https://youtu.be/Uklsk1WZ2EU
$31,337 Google Cloud blind SSRF + HANDS-ON labs: https://youtu.be/ashSoc59z1Y
How I found the $1,500 SSRF in the Stripe bug bounty program: https://youtu.be/Ga9o--v-grA
An overlooked parameter leads to a critical SSRF in the Dropbox bug bounty program: https://youtu.be/sMk5ajkJO5o

🖥 Get $100 in credits for DigitalOcean: https://bbre.dev/do

Timestamps:
00:00 Intro
00:54 Import by URL
02:14 File uploads
04:39 Headless browsers / HTML rendering
05:36 Webhooks / checking server status
07:36 Proxying
09:16 Security mechanism / library bug
11:43 File storage integration
13:23 Sentry integration
14:43 Host header
15:10 Email configuration
16:32 First request line
18:07 Get access to the full case study and report database

Hello and welcome to the temple of cybersecurity. You are now watching "What functionalities are most often vulnerable to SSRFs? Case study of 124 bug bounty reports", published on October 26, 2022 at 11:17 AM.
For more hacking info and free hacking tutorials visit: https://ift.tt/iEVz3Jv



