Категории

How to exploit a blind SSRF?

Опубликовано: 16 Ноябрь 2021
на канале: Intigriti
25,121
759

👩‍🎓👨‍🎓 Today, we are going to dive deeper into SSRF by exploiting a blind one using ShellShock in an example lab.

Overview:
00:00 Introduction
00:15 Checking out the webshop
00:25 Getting a request in Burp
00:50 Sending request to Repeater
01:10 Referer header
02:00 Getting Burp collaborator link
02:30 Blind SSRF
03:30 How to exploit blind SSRFs
04:00 ShellShock
05:10 Scanning internal network using Intruder
07:30 Getting RCE using ShellShock
09:00 Outro

For more information, check out https://blog.intigriti.com/hackademy/....

🔗 Portswigger XXS Challenge: https://portswigger.net/web-security/...

---

🧑‍💻 Sign up and start hacking right now - https://go.intigriti.com/register

👾 Join our Discord - https://go.intigriti.com/discord

🎙️ This show is hosted by   / pinkdraconian   ( @PinkDraconian ) &   / intigriti  

👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com/

play_arrow
8,352
63

Put A Finger Down | Drama Queen Edition

Put A Finger Down | Drama Queen Edition
play_arrow
3,171
36

Miss Universe 2018 Favorites - PageantLive with Natalie & Joyce

Miss Universe 2018 Favorites - PageantLive with Natalie & Joyce
play_arrow
54,700
479

Fastcuts Episode 05: Toda Max | Jeepney TV

Fastcuts Episode 05: Toda Max | Jeepney TV
play_arrow
3,203
279

FIVE NIGHTS AT FREDDYS x DEAD BY DAYLIGHT REACTION

FIVE NIGHTS AT FREDDYS x DEAD BY DAYLIGHT REACTION
play_arrow
9,773,892
281 тыс

Anime cosplay|Couples💨|

Anime cosplay|Couples💨|

play_arrow
159
7

MI ଛାଡ଼ିବେ କି Rohit Sharma ? 😲 ଆଗାମୀ IPL ରେ କିଛି ବଡ଼ ହେବାକୁ ଯାଉଛି କି? TRB

MI ଛାଡ଼ିବେ କି Rohit Sharma ? 😲 ଆଗାମୀ IPL ରେ କିଛି ବଡ଼ ହେବାକୁ ଯାଉଛି କି? TRB
play_arrow
3,650
66

Cоревнования по Flat Feeder. Водоем Кричевичи, 7й этап. №2

Cоревнования по Flat Feeder. Водоем Кричевичи, 7й этап. №2
play_arrow
842
17

Free Prostate Cancer Screenings in Philly

Free Prostate Cancer Screenings in Philly
Похожие видео
play_arrow
Decoding Spotify Barcodes - Defcon 32 Coin Challenge Solution [2024]

Decoding Spotify Barcodes - Defcon 32 Coin Challenge Solution [2024]
play_arrow
XSS via CSPT and Open Redirect - Solution to August '24 Challenge (Defcon)

XSS via CSPT and Open Redirect - Solution to August '24 Challenge (Defcon)
play_arrow
Intigriti Kick off 2024

Intigriti Kick off 2024
play_arrow
Exploiting Insecure Output Handling in LLMs

Exploiting Insecure Output Handling in LLMs
play_arrow
Indirect Prompt Injection

Indirect Prompt Injection
play_arrow
Exploiting Vulnerabilities in LLM APIs

Exploiting Vulnerabilities in LLM APIs
play_arrow
Exploiting LLM APIs with Excessive Agency

Exploiting LLM APIs with Excessive Agency
play_arrow
Intigriti Customer Story: Personio

Intigriti Customer Story: Personio
play_arrow
Performing CSRF Exploits Over GraphQL

Performing CSRF Exploits Over GraphQL
play_arrow
Misconfig Mapper - Hacker Tools

Misconfig Mapper - Hacker Tools
play_arrow
Bypassing GraphQL Brute Force Protections

Bypassing GraphQL Brute Force Protections
play_arrow
Finding a Hidden GraphQL Endpoint

Finding a Hidden GraphQL Endpoint
play_arrow
Accidental Exposure of Private GraphQL Fields

Accidental Exposure of Private GraphQL Fields
play_arrow
Accessing Private GraphQL Posts

Accessing Private GraphQL Posts
play_arrow
Prototype Poisoning and Unicode Case Mapping Collision - Solution to March '24 Challenge

Prototype Poisoning and Unicode Case Mapping Collision - Solution to March '24 Challenge
play_arrow
Introduction to GraphQL Attacks

Introduction to GraphQL Attacks
play_arrow
Aggressive Scanning in Bug Bounty (and how to avoid it)

Aggressive Scanning in Bug Bounty (and how to avoid it)
play_arrow
Exploiting Server-side Parameter Pollution in a REST URL

Exploiting Server-side Parameter Pollution in a REST URL
play_arrow
Common Scoping Mistakes

Common Scoping Mistakes
play_arrow
Exploiting Server-side Parameter Pollution in a Query String

Exploiting Server-side Parameter Pollution in a Query String
play_arrow
Understanding Scope, Ethics and Code of Conduct (CoC)

Understanding Scope, Ethics and Code of Conduct (CoC)
play_arrow
Exploiting a Mass Assignment Vulnerability

Exploiting a Mass Assignment Vulnerability
play_arrow
Unicode Normalization and Cookie Path Precedence - Solution to February (Valentines) '24 Challenge

Unicode Normalization and Cookie Path Precedence - Solution to February (Valentines) '24 Challenge
play_arrow
Finding and Exploiting an Unused API Endpoint

Finding and Exploiting an Unused API Endpoint