$3,500 GitLab SSRF by DNS rebinding with bypass explained – HackerOne
https://youtu.be/R5WB8h7hkrU
This video explains a vulnerability found by mclaren650sspider and reported to GitLab on HackerOne. It was an SSRF carried out through DNS rebinding. The researcher exploited the way the company had fixed the DNS rebinding issue the first time. The report was rewarded $3,500.
Original report:
https://hackerone.com/reports/632101
Reporter:
https://hackerone.com/mclaren650sspider
00:00 Intro
00:27 The original vulnerability
01:24 The previous fix
02:02 The bypass
02:57 The fix
Links to the file:
Before fix:
https://gitlab.com/gitlab-org/gitlab-foss/-/blob/108c3cf16bed5733ffae086fb62c226961356560/lib/gitlab/url_blocker.rb#L59
After fix:
https://gitlab.com/gitlab-org/gitlab-foss/-/blob/f5c1cd489834e824c83f2ae909cd0dd41fb95dab/lib/gitlab/url_blocker.rb