Access hands-on labs where you can write your own script to exploit this bug:

This video is an explanation of a vulnerability from Google bug bounty program. The bug was blind SSRF (Server-side request forgery) and the exploitation led to leaking the service account access token. The researcher, David Nechuta was awarded $31k bounty for it.

✉️ Sign up for the mailing list ✉️

☕️ Support my channel by buying me a coffee ☕️

? Get $100 in credits for Digital Ocean ?

✎Sign up for Pentesterlab from my referral✎

Reporter’s twitter:

Follow me on twitter:

00:00 Intro
00:35 Detecting the SSRF vulnerability
02:11 Basic data exfiltration
04:46 Overcoming load-balancing
07:01 Speeding-up the process by smart regexes
08:47 Try to exploit this vulnerability yourself with hands-on labs

Add comment

Your email address will not be published. Required fields are marked *