AppSec California 2020, January 21-24 at the Annenberg Beach House, Santa Monica, CA
Thursday, January 23 • 3:00pm - 3:50pm
Owning the cloud through SSRF and PDF Generators

With so many applications running in the cloud, compromising these instances can become as easy as finding a single vulnerability caused by unsanitized user input. In this talk, we’ll discuss a number of different methods that helped us exfiltrate data from different applications using Server-Side Request Forgery (SSRF). Using these methods, we were able to hack some of the major transportation, hospitality, and social media companies and earn $50,000 in rewards in 3 months.

Outline:
- Intro
- What is Server-Side Request Forgery (SSRF)?
- What can you do with it?
- SSRF via URI Schemes
- JIRA SSRF (CVE-2017-9506)
- Jenkins SSRF (CVE-2018-1000600)
- SSRF via JavaScript (XSS)
- SSRF via Styling
- SSRF via PDF Generators (‘0day’)
- SSRF via DNS Rebinding
- SSRF to XXE
- Bonus: RCE via ERB Template Injection
- SSRFTest (Tool)
- Takeaways

Speakers

Chris Holt
Senior Bug Bounty Operations Lead, Verizon Media
Certified by GAIC, NTISSI, PADI, and previously by the USSF, Chris Holt is constantly learning something new. As the Senior Bug Bounty Operations Lead at Verizon Media, he is responsible for the bug bounty program operations, development and growth, including live hacking events. Previously...

Ben Sadeghipour
Manager, Hacker Operations, HackerOne
Ben is the Head of Hacker Operations at HackerOne by day, and a streamer and hacker by night. He has helped identify and exploit over 600 security vulnerabilities across hundreds of web and mobile applications for companies such as Yahoo, Airbnb, Snapchat, The US Department of Defense...

Thursday January 23, 2020 3:00pm - 3:50pm PST
Club Room