Access hands-on labs where you can write your own script to exploit this bug:
https://mailing.bugbountyexplained.com/gcpssrf

This video explains a vulnerability reported through Google's bug bounty program. The bug was a blind SSRF (server-side request forgery), and exploiting it led to leaking the service account access token. The researcher, David Nechuta, was awarded a $31k bounty for it.

✉️ Sign up for the mailing list ✉️
https://mailing.bugbountyexplained.com/

☕️ Support my channel by buying me a coffee ☕️
https://www.buymeacoffee.com/bountyexplained

Get $100 in credits for DigitalOcean
https://m.do.co/c/cc700f81d215

✎ Sign up for PentesterLab from my referral ✎
https://pentesterlab.com/referral/Vtch_7hLg32TqA

Report:
https://nechudav.blogspot.com/2020/11/31k-ssrf-in-google-cloud-monitoring.html
Reporter's Twitter:
https://twitter.com/david_nechuta

Follow me on Twitter:
https://twitter.com/gregxsunday

Timestamps:
00:00 Intro
00:35 Detecting the SSRF vulnerability
02:11 Basic data exfiltration
04:46 Overcoming load balancing
07:01 Speeding up the process with smart regexes
08:47 Try to exploit this vulnerability yourself with hands-on labs
