Transcription of A New Era of SSRF - Exploiting URL Parser in Trending ...
{{id}} {{{paragraph}}}
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!Orange TsaiTaiwan Orange TsaiThe most professional red team in TaiwanAbout Orange TsaiThe largest hacker conference in Taiwanfounded by Orange TsaiSpeaker-Speaker at several security conferencesHITCON, WooYun, AVTokyoCTFer-CTFs we won champions /in finalists (as team HITCON)DEFCON, Codegate, Boston Key Party, HITB, Seccon, 0 CTF, WCTFB ountyHunter-Vendors I have found Remote Code ExecutionFacebook, GitHub, Uber, Apple, Yahoo, ImgurAbout Orange TsaiAgendaIntroductionMake SSRF great againIssues that lead to SSRF-BypassIssues that lead to protocol smugglingCase studies and DemosMitigationsWhat is SSRF?
Make SSRF great again Issues that lead to SSRF-Bypass Issues that lead to protocol smuggling Case studies and Demos Mitigations. What is SSRF? Server Side Request Forgery Bypass Firewall, Touch Intranet Compromise Internal services Struts2 Redis Elastic. Protocol Smuggling in SSRF Make SSRF more powerful Protocols that are suitable to smuggle ...
Domain:
Source:
Link to this page:
Please notify us if you found a problem with this document:
{{id}} {{{paragraph}}}