This video is an explanation of the vulnerability found by Alex Chapman and reported to Gitlab on Hackerone. It’s SSRF achieved by DNS rebinding technique. The researchers were awarded $5,000 for this report.
Original report:

00:00 Intro
00:16 SSRF
00:48 DNS rebinding
02:46 The fix

#ssrf #dnsrebinding #hackerone #bugbounty

Add comment

Your email address will not be published. Required fields are marked *