List: full-disclosure
Subject: [Full-disclosure] Server Side Request Forgery attacks on web-applications
From: Vladimir Vorontsov <vladimir.vorontsov () onsec ! ru>
Date: 2012-11-28 21:37:36
Message-ID: 50B68420.9030007 () onsec ! ru
Hello world!
Would like to present some words in webapp security area.
SSRF - Server Side Request Forgery attacks. The ability to create
requests from the vulnerable server to intra/internet. Using a protocol
supported by available URI schemas, you can communicate with services
running on other protocols (smuggling).
Slides:
http://www.slideshare.net/d0znpp/ssrf-attacks-and-sockets-smorgasbord-of-vulnerabilities
Cheatsheet: http://goo.gl/oRMhg <http://t.co/s50aBOWR>
Wish you interesting reading
Thx for attention.
//d0znpp
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
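
Added example, not part of the original message or the linked slides: a server-side check applied to a user-supplied URL before the application fetches it, covering the two points the message names (which URI schemes the fetcher accepts, and whether the request would land on an internal address). The allow-lists, function names and the name-to-address table are assumptions constructed for this illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: the app only fetches web URLs
ALLOWED_PORTS = {80, 443}            # assumption: no fetches to other ports
# Constructed name-to-address table so the example runs offline.
CONSTRUCTED_DNS = {
    "www.example.com": ["93.184.216.34"],
    "intranet.example": ["10.0.0.5"],
    "mixed.example": ["93.184.216.34", "127.0.0.1"],
}

def system_resolver(host):
    return [info[4][0] for info in socket.getaddrinfo(host, None)]

def constructed_resolver(host):
    return CONSTRUCTED_DNS.get(host, [])

def check_url(url, resolver=system_resolver):
    """Return (ok, reason) for a user-supplied URL the server is about to fetch."""
    # CR/LF and other control bytes let one URL carry lines of another protocol.
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in url):
        return False, "control or whitespace character in URL"
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return False, "unparsable URL"
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: " + scheme
    if not parts.hostname or parts.username is not None or parts.password is not None:
        return False, "missing host or userinfo present"
    if port is None:
        port = 443 if scheme == "https" else 80
    if port not in ALLOWED_PORTS:
        return False, "port not allowed: %d" % port
    try:
        addrs = resolver(parts.hostname)
    except (OSError, UnicodeError):
        addrs = []
    if not addrs:
        return False, "host does not resolve"
    for addr in addrs:  # every address must be public, not just the first
        if not ipaddress.ip_address(addr.split("%")[0]).is_global:
            return False, "non-public address: " + addr
    return True, "ok"
```

The check and the later fetch resolve the name separately, so the fetcher should connect to the address that was validated and run the same check again on every redirect target.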