Day 70/100 Hack and Improvement


Day 70 comes with HTTP Smuggling to Steal Access Token and SSRF on Vimeo.

HTTP Smuggling to Steal Access Token

From Rajesh Ranjan. Here is the link to the report.

SSRF on Vimeo

From Sam (CoffeeJunkie). Looking for some more content to consume and learn, I came across this writeup from Harsh Jaiswal, which talks about a great SSRF found on Vimeo. I was excited reading this write-up because of the couple of bugs that Harsh Jaiswal had to chain, such as path traversal and open redirect, ending up with a pretty cool SSRF. One of the greatest impacts of this SSRF was hitting the Google metadata API and using the token to add the attacker's SSH key to the instance. Full write-up here. Enjoy it!
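The chain above works because the server-side fetcher follows a redirect it was never meant to follow and is allowed to reach the link-local metadata address. As an added example (not code from the Vimeo report or from Harsh Jaiswal), here is a defensive fetch helper that validates every hop of a redirect chain and refuses destinations that resolve to private, loopback or link-local space, including the 169.254.169.254 metadata address. The hostnames, IPs and the `fake_fetch`/`fake_resolver` helpers are constructed for the demo; `system_resolver` uses the OS resolver and needs network access.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlparse

# Added example: an SSRF-hardened outbound fetch helper. Not the fix Vimeo applied.
ALLOWED_SCHEMES = {"http", "https"}
MAX_REDIRECTS = 3

# Explicit blocklist on top of the ipaddress flags; 169.254.0.0/16 covers the
# cloud metadata address 169.254.169.254 used by GCP and other providers.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]


def system_resolver(host):
    """Resolve host to every A/AAAA address via the OS resolver (network access)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_blocked_ip(ip):
    """True for any address a server-side fetcher should never talk to."""
    # Unwrap IPv4-mapped IPv6 (::ffff:169.254.169.254) so it is judged as IPv4.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified
            or any(ip in net for net in BLOCKED_NETWORKS))


def check_outbound_url(url, resolver=system_resolver):
    """Return (allowed, detail): detail is the set of resolved IPs, or a reason string.

    Resolved addresses are checked rather than the hostname string, so decimal,
    octal or DNS-based encodings of an internal address are caught as well."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parsed.scheme!r} not allowed"
    host = parsed.hostname
    if not host:
        return False, "missing host"
    if parsed.username is not None or parsed.password is not None:
        return False, "userinfo in URL not allowed"
    try:  # IP literal: no DNS lookup needed
        addrs = {str(ipaddress.ip_address(host))}
    except ValueError:
        try:
            addrs = set(resolver(host))
        except socket.gaierror:
            addrs = set()
    if not addrs:
        return False, f"cannot resolve {host!r}"
    for addr in addrs:
        if is_blocked_ip(ipaddress.ip_address(addr)):
            return False, f"{host!r} resolves to blocked address {addr}"
    return True, addrs


def fetch_checked(url, fetch_one, resolver=system_resolver):
    """Follow redirects by hand, re-validating every hop before requesting it.

    fetch_one(url) -> (status, headers, body) and must NOT follow redirects itself;
    otherwise an open redirect on an allowed host bypasses the check."""
    hops = []
    for _ in range(MAX_REDIRECTS + 1):
        allowed, detail = check_outbound_url(url, resolver)
        if not allowed:
            return {"ok": False, "reason": detail, "hops": hops}
        hops.append(url)
        status, headers, body = fetch_one(url)
        location = headers.get("Location")
        if status in (301, 302, 303, 307, 308) and location:
            url = urljoin(url, location)  # relative Location headers are resolved too
            continue
        return {"ok": True, "status": status, "body": body, "hops": hops}
    return {"ok": False, "reason": "too many redirects", "hops": hops}


# Constructed test doubles: a fake DNS table and a fake HTTP client.
FAKE_DNS = {"cdn.example.com": {"93.184.216.34"}, "redir.example.com": {"93.184.216.35"}}


def fake_resolver(host):
    return FAKE_DNS.get(host, set())


def fake_fetch(url):
    # redir.example.com plays the open redirect; it points at the metadata service.
    if url.startswith("http://redir.example.com/"):
        return 302, {"Location": "http://169.254.169.254/computeMetadata/v1/"}, b""
    return 200, {}, b"image bytes"


if __name__ == "__main__":
    print(fetch_checked("http://cdn.example.com/a.png", fake_fetch, fake_resolver))
    print(fetch_checked("http://redir.example.com/go", fake_fetch, fake_resolver))
```

The check is on the resolved addresses, not the hostname string, and it is repeated for every redirect hop. Remaining gap worth knowing about: a DNS answer can change between this check and the actual connect (DNS rebinding), so a production version should pin the validated IP when opening the socket rather than letting the HTTP client resolve the name again.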

