This video explains the vulnerability found by Alex Chapman and reported to GitLab on HackerOne. It is an SSRF achieved through the DNS rebinding technique. The researchers were awarded $5,000 for this report.
Original report:
https://hackerone.com/reports/541169
Reporter:
https://hackerone.com/ajxchapman
https://twitter.com/ajxchapman
Timestamps:
00:00 Intro
00:16 SSRF
00:48 DNS rebinding
02:46 The fix
#ssrf #dnsrebinding #hackerone #bugbounty
