Original DNS rebinding:
https://youtu.be/R5WB8h7hkrU

This video explains a vulnerability found by mclaren650sspider and reported to GitLab on HackerOne. It was an SSRF achieved through DNS rebinding: the researcher exploited the way the company had fixed DNS rebinding the first time. The report was rewarded with $3,500.

Original report:
https://hackerone.com/reports/632101
Reporter:
https://hackerone.com/mclaren650sspider

00:00 Intro
00:27 the original vulnerability
01:24 the previous fix
02:02 the bypass
02:57 the fix

Links to file:
before fix:
https://gitlab.com/gitlab-org/gitlab-foss/-/blob/108c3cf16bed5733ffae086fb62c226961356560/lib/gitlab/url_blocker.rb#L59
after fix:
https://gitlab.com/gitlab-org/gitlab-foss/-/blob/f5c1cd489834e824c83f2ae909cd0dd41fb95dab/lib/gitlab/url_blocker.rb
