A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
We propose a new exploit technique that brings a whole new attack surface to bypass SSRF (Server-Side Request Forgery) protections. This is a very general attack approach, which we used in combination with our own fuzzing tool to discover many 0days in built-in libraries of very widely used programming languages, including Python, PHP, Perl, Ruby, Java, JavaScript, Wget and cURL. The root cause of the problem lies in the inconsistency of URL parsers and URL requesters.

By Orange Tsai

Full Abstract & Presentation Materials: https://www.blackhat.com/us-17/briefi...
