Follow Jasmin on Twitter: https://x.com/jr0ch17
✉️ Sign up for the mailing list: https://bbre.dev/nl
Follow me on Twitter: https://bbre.dev/tw

In this video, we're with Jasmin "JR0ch17" Landry, going through an amazing SSRF that shows both an interesting way to bypass a permissive regex validation of hosts and how to exploit an SSRF for maximum impact even when the cloud metadata isn't available.

Get $100 in credits for Digital Ocean: https://bbre.dev/do

Timestamps:

00:00 Intro
00:27 Discovering a full-read SSRF by bypassing a host validation regex
05:47 How to exploit an SSRF when cloud metadata isn’t reachable?
