In this video, we talk about Server-Side Request Forgery, a potentially critical bug that affects many web apps today.
YouTube-HackerOne
Intro
Port Scanning
Mitigation
SSRF Mitigations
Shopify SVG Attack
Identifying SSRFs
Watch this Radware Minute episode with Radware's Uri Dorot to learn what SSRF is, common SSRF attacks, and how they can damage online ...
YouTube-Radware
Insecure Direct Object Reference / IDOR Explained // How to Bug Bounty · Server-Side Request Forgery (SSRF) | Complete Guide.
YouTube-NahamSec
What Is SSRF
How To Identify an SSRF
Labs
Sample SSRF
Examples
Not Every SSRF or Not Every Server-Side Request Is Vulnerable
Learn how to find server-side request forgery (SSRF) vulnerabilities. We are going to have a look at what to look out for in HTTP requests.
YouTube-Intigriti
Lab overview
What to look for?
Trying to exploit!
Exploiting the app!
Conclusion
00:00 Intro 00:36 How SSRF works 01:38 SSRF Lab 06:06 Finding SSRF 06:52 Avoid reporting false positives! 07:09 Scanning & fuzzing for SSRF ...
YouTube-The Cyber Mentor
How SSRF works
SSRF Lab
Finding SSRF
Avoid reporting false positives!
Scanning & fuzzing for SSRF
Blind SSRF
Outro
Join the Hack Smarter community: https://hacksmarter.org --- In this video, I work through the brand new SSRF room from TryHackMe.
YouTube-Tyler Ramsbey
In this video, we cover the theory behind Server-Side Request Forgery (SSRF) vulnerabilities, how to find these types of vulnerabilities ...
YouTube-Rana Khalil
Introduction
Web Security Academy Course
Agenda
What is a SSRF vulnerability?
How to find SSRF vulnerabilities?
How to exploit SSRF vulnerabilities?
How to prevent SSRF vulnerabilities?
Resources
Thank You
Server-side request forgery or SSRF is a vulnerability that has been catching a lot of steam, but what is it all about?
Server-Side Request forgery is a type of exploit where an attacker abuses the functionality of a server causing it to access or manipulate ...
YouTube-LinuxSploit
Types of SSRF Attacks
Basic SSRF Attack
Blind SSRF Attack
Overview
How To Avoid the SSRF
How Dangerous Is SSRF
What is SSRF? #SSRF is called the Server-Side Request Forgery vulnerability. It is a server-side attack where an attacker tries to access unauthorized ...
YouTube-vulnmachines
In this video, we cover Lab #6 in the SSRF module of the Web Security Academy. This site uses analytics software which fetches the URL ...
Navigation to the exercise
Understand the exercise and make notes about what is required to solve it
Exploit the lab manually
Summary
Check out ShiftLeft to see how you can find vulnerabilities faster: https://www.shiftleft.io. This video was sponsored by them.
YouTube-PinkDraconian
Juice Shop
SSRF check using PostBin
Exploiting SSRF in Burp
Getting the flag
How to automatically find SSRF
Using ShiftLeft
ShiftLeft Github action
Checking the results
In this video, Busra Demir will explore how to exploit Server Side Request Forgery (SSRF) by using different attack scenarios.
YouTube-Cobalt
Uploading an AVI file
Uploading the file
Starting a simple HTTP server on port 8000
Basic Payloads
Fuzzing internal ports
Exploiting Tomcat backup
Exploiting SSRF + SQL Injection
Union-based SQL injection
Exploiting SSRF + HTML Injection
Different representations of localhost
Hackvertor Tutorial
Double Encoding 4 the win
In this video, we cover Lab #1 in the SSRF module of the Web Security Academy. This application's stock check feature is vulnerable to SSRF.
Setting up Burp Suite
Starting Burp
Stock Check Feature
Accessing the application
Checking if there's an application running on localhost
Rendering the request
Deleting users
Verify SSRF worked
In this video, we cover Lab #2 in the SSRF module of the Web Security Academy. This application's stock check feature is vulnerable to SSRF.
In this video we explain the concept of the security vulnerability SSRF or Server Side Request Forgery. What is it? How does it work?
YouTube-z3nsh3ll
Exploring the SSRF Lab
Inspecting the HTTP Request
Tampering with the Request
Inspecting the Vulnerable Response
Solving the Lab
YouTube-The XSS rat
http://snyk.co/nahamsec Try Snyk for free and scan your code and applications for vulnerabilities! PLEASE READ: Turns out I was ...
Check Connections
Custom Header
Request Forgery
Today, we are going to dive deeper into SSRF by exploiting a blind one using ShellShock in an example lab. Overview: 00:00 Introduction ...
Checking out the webshop
Getting a request in Burp
Sending request to Repeater
Referer header
Getting Burp collaborator link
How to exploit blind SSRFs
ShellShock
Scanning internal network using Intruder
Getting RCE using ShellShock