Explore the critical security vulnerability of Server-Side Request Forgery (SSRF) in video converters during this Black Hat conference talk. Delve into how popular video processing tools like ffmpeg can be exploited through HLS (m3u8) playlist processing, potentially leading to full service takeovers. Learn about the implementation details that allow attackers to read files from video conversion servers and gain unauthorized access to cloud-based services. Discover a powerful tool for detecting and exploiting this vulnerability, and witness demonstrations of successful attacks on major platforms like Facebook, Telegram, Microsoft Azure, Flickr, Twitter, and Imgur. Gain valuable insights into the far-reaching implications of this "viral" video exploit and its impact on web application security.
Overview
Syllabus
Viral Video - Exploiting SSRF in Video Converters
Taught by
Black Hat