Server-Side Request Forgery (SSRF) attacks have been known since 2008, but have only recently been used in practical information security work.
Vulnerabilities of this class give the attacker the ability to send different requests on behalf of the server. This in turn allows the attacker to bypass various network perimeter restrictions and to create requests from the vulnerable server to the intranet or the internet. Using the various protocols supported by the URI schemes available in network libraries (such as cURL, LWP and others), attackers can communicate with local and intranet services.
SSRF is used, as a rule, to forge HTTP requests, and SMB requests to carry out attacks like SMB relay. We have expanded the spectrum of SSRF attacks to protocols which are not supported by network libraries by default, and have also collected all SSRF-related information into a cheatsheet. We will show attacks on memcached and PHP FastCGI, talk about the possibility of working directly with the sockets of different applications through SSRF, and present various examples of vulnerabilities and exploitation, including new techniques for data retrieval using blind SSRF.
Part of this presentation will be dedicated to the story of many SSRF-related exploits of Yandex - a leading Internet company in Russia, which operates one of the most popular search engines.
ABOUT VLADIMIR VORONTSOV
Vladimir Vorontsov is the founder and lead analyst of ONsec. Vladimir has been engaged in research in the field of web application security since 2004. He is the CEO and lead expert of the ONsec company as well as the author of numerous studies in the field of web application security. He has received awards from Yandex for winning the "vulnerability search month" contest, from Google for Chrome vulnerabilities, from Trustwave for the ModSecurity SQLi Challenge, and from 1C Bitrix for a competition on proactive defense bypass. He is currently actively engaged in the development of a web application firewall system.
ABOUT ALEXANDER GOLOVKO
Alexander Golovko has been a security expert at ONsec since 2009. Alexander specializes in network security and operating systems. He is also an active Debian GNU/Linux maintainer. Alexander and Vladimir are the authors of "SSRF bible. Cheatsheet": http://goo.gl/xSoCq
Uploader: Hack In The Box Security Conference