Explore the critical security vulnerability of Server-Side Request Forgery (SSRF) in video converters during this Black Hat conference talk. Delve into how popular video processing tools like ffmpeg can be exploited through HLS (m3u8) playlist processing, potentially leading to full service takeovers. Learn about the implementation details that allow attackers to read files from video conversion servers and gain unauthorized access to cloud-based services. Discover a powerful tool for detecting and exploiting this vulnerability, and witness demonstrations of successful attacks on major platforms like Facebook, Telegram, Microsoft Azure, Flickr, Twitter, and Imgur. Gain valuable insights into the far-reaching implications of this "viral" video exploit and its impact on web application security.
Overview
Syllabus
Viral Video - Exploiting SSRF in Video Converters
Taught by
Black Hat
Related Courses
-
OWASP Top 10 - A10:2021 - Server-Side Request Forgery (SSRF)
-
SSRF vs Business Critical Applications
-
What is Server-Side Request Forgery - SSRF?
-
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages
-
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages
-
Piercing the Veil - Server Side Request Forgery Attacks on Internal Networks
