This video explains the SSRF vulnerability found by Sandro Gauci and reported to Slack on HackerOne.
* Original report:
* Good explanation of the TURN server
* RFC 5766

00:00 Intro
00:14 Password in HTTP response
01:08 What is a TURN server?
03:32 What was wrong here?
04:52 Report and reward
