This video explains the vulnerability found by Alex Chapman and reported to GitLab on HackerOne. It is an SSRF achieved through the DNS rebinding technique. The researchers were awarded $5,000 for this report.
Original report:
https://hackerone.com/reports/541169
Reporter:
https://hackerone.com/ajxchapman
https://twitter.com/ajxchapman

Timestamps:
00:00 Intro
00:16 SSRF
00:48 DNS rebinding
02:46 The fix

#ssrf #dnsrebinding #hackerone #bugbounty
