Thursday, October 10 • 2:15pm - 3:15pm
HX-3014 Owning the Cloud through SSRF – Server-Side Request Forgery

With so many applications now running in the cloud, a single vulnerability caused by unsanitized user input can be enough to compromise an instance. In this talk, we’ll discuss a number of different methods that helped us exfiltrate data from different applications using Server-Side Request Forgery (SSRF). Using these methods, we were able to hack some of the major transportation, hospitality, and social media companies and make $50,000 in rewards in 3 months.

  • What is Server-Side Request Forgery (SSRF)?
  • What can you do with it?
  • How do you prevent it?
  • SSRF via URI Schemes
  • Jira SSRF (CVE-2017-9506)
  • Jenkins SSRF (CVE-2018-1000600)
  • SSRF via JavaScript (XSS)
  • SSRF via Styling
  • SSRF using <link rel="attachment"> (PDF Gen ‘0day’)
  • SSRF via DNS Rebinding
  • Bonus: RCE via ERB Template Injection
  • SSRFTest (Tool)
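The agenda’s “What is SSRF” and “How do you prevent it” items, together with the URI-scheme and DNS-rebinding entries, are illustrated by the following added example. It is not code from the talk, from the speaker, or from the SSRFTest tool. A “fetch this URL for me” feature is shown first in its vulnerable form and then hardened: the scheme is allow-listed, the host is resolved the way the HTTP client would resolve it, every answer is checked against loopback, private, link-local (where the cloud metadata endpoint 169.254.169.254 lives) and IPv4-mapped ranges, and the connection is then made to the checked IP rather than to the name, which is what defeats rebinding. The names under .example, the addresses in DEMO_DNS and the helper names (check_target, is_safe_url, fetch_pinned) are assumptions made for this demo; the resolver is injectable so the block runs offline.

```python
# Added example, not the talk's or SSRFTest's code. Names under .example and
# the DEMO_DNS addresses are constructed; helper names are assumptions.
import ipaddress
import socket
import urllib.request
from urllib.parse import urlsplit


# ---- vulnerable form: the user-supplied URL goes straight to the client -----
def fetch_unsafe(url: str) -> bytes:
    # file:///etc/passwd, gopher://..., http://169.254.169.254/latest/meta-data/
    # are all fetched without question.
    with urllib.request.urlopen(url, timeout=5) as resp:
        return resp.read()


# ---- hardened form -----------------------------------------------------------
ALLOWED_SCHEMES = {"http", "https"}
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16",  # link-local, includes the metadata endpoint
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::1/128", "fc00::/7", "fe80::/10",
    "::ffff:0:0/96",   # IPv4-mapped IPv6, e.g. http://[::ffff:169.254.169.254]/
)]


def is_blocked_ip(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BLOCKED_NETWORKS)


def system_resolver(host: str) -> list[str]:
    """Resolve with getaddrinfo so shorthand such as 127.1 or 0x7f000001 is
    normalised by the same code path the real connection would use."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


# Constructed DNS table for the offline demo; the names are hypothetical.
DEMO_DNS = {
    "cdn.example": ["203.0.113.10"],
    "rebind.example": ["203.0.113.10", "169.254.169.254"],  # mixed answers
    "intranet.example": ["10.0.0.5"],
}


def demo_resolver(host: str) -> list[str]:
    try:
        return [str(ipaddress.ip_address(host))]  # literal address, no lookup
    except ValueError:
        return DEMO_DNS.get(host, [])


def check_target(url: str, resolver=system_resolver) -> tuple[str, str, int, str]:
    """Validate a user-supplied URL. Return (pinned_ip, host, port, path_and_query)
    or raise ValueError with the reason it was refused."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo not allowed")  # http://trusted@internal/ tricks
    port = parts.port or (443 if scheme == "https" else 80)  # raises on bad port
    ips = resolver(host)
    if not ips:
        raise ValueError(f"unresolvable host: {host}")
    # Every answer must pass: an attacker-controlled name can return one public
    # and one internal record, or flip between them (DNS rebinding).
    for ip in ips:
        if is_blocked_ip(ip):
            raise ValueError(f"{host} resolves to blocked address {ip}")
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    return ips[0], host, port, path


def is_safe_url(url: str, resolver=system_resolver) -> bool:
    try:
        check_target(url, resolver)
        return True
    except ValueError:
        return False


class NoRedirect(urllib.request.HTTPRedirectHandler):
    # A 3xx to an internal address would bypass the check, so surface it to the
    # caller instead of following it; re-run check_target on Location if needed.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch_pinned(url: str, resolver=system_resolver) -> bytes:
    """Fetch a plain-http URL by connecting to the checked IP with the original
    Host header, so a DNS answer that changes between check and use cannot
    redirect the request."""
    ip, host, port, path = check_target(url, resolver)
    if urlsplit(url).scheme.lower() != "http":
        raise ValueError("pinned fetch shown for http only")
    netloc = f"[{ip}]:{port}" if ":" in ip else f"{ip}:{port}"
    req = urllib.request.Request(f"http://{netloc}{path}", headers={"Host": host})
    with urllib.request.build_opener(NoRedirect()).open(req, timeout=5) as resp:
        return resp.read()
```

The pinned fetch is limited to http because urllib cannot connect to one address while verifying the TLS certificate against a different hostname; extending it to https needs an HTTP library that lets you set the connect address and the verified name separately. The range blocklist is a floor, not a ceiling: where the product allows it, an allow-list of permitted destination hosts is the stronger control, and an egress proxy or metadata service that requires a session token removes the most valuable target even if the application check is bypassed.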


Ben Sadeghipour

Manager, Hacker Operations, HackerOne
Ben is the Head of Hacker Operations at HackerOne by day, and a streamer and hacker by night. He has helped identify and exploit over 600 security vulnerabilities across 100s of web and mobile applications for companies such as Yahoo, Airbnb, Snapchat, The US Department of Defense...

Thursday October 10, 2019 2:15pm - 3:15pm CDT
Texas Ballroom E (Track 3), 600 E Market St, San Antonio, TX, Floor 4