Access hands-on labs where you can write your own script to exploit this bug:
[ Ссылка ]
📧 Subscribe to BBRE Premium: [ Ссылка ]
✉️ Sign up for the mailing list: [ Ссылка ]
📣 Follow me on Twitter: [ Ссылка ]
This video is an explanation of a vulnerability from Google bug bounty program. The bug was blind SSRF (Server-side request forgery) and the exploitation led to leaking the service account access token. The researcher, David Nechuta was awarded $31k bounty for it.
🖥 Get $100 in credits for Digital Ocean 🖥
[ Ссылка ]
✎Sign up for Pentesterlab from my referral✎
[ Ссылка ]
Report:
[ Ссылка ]
Reporter's twitter:
[ Ссылка ]
Follow me on twitter:
[ Ссылка ]
Timestamps:
00:00 Intro
00:35 Detecting the SSRF vulnerability
02:11 Basic data exfiltration
04:46 Overcoming load-balancing
07:01 Speeding-up the process by smart regexes
08:47 Try to exploit this vulnerability yourself with hands-on labs
$31,337 Google Cloud blind SSRF + HANDS-ON labs
Теги
ssrfblind ssrfserver-side request forgeryssrf bug bountyhow to exploit blindvulnerabilityexploitgoogle bug bountygcpgoogle cloudbug bountybug bounty reports explainedhackingethical hackingsecurity hackinghackershackeronebug bounty pochow to do bug bountyhow start bug bountybug bounty reportscybersecuritycybersecinfosecappsecwebsecsecurity