CYBERSEC 2021 uses cookies to provide you with the best user experience possible. By continuing to use this site, you agree to the terms in our Privacy Policy. I Agree

May 4-6 at Taipei Nangang Exhibition Center, Hall 2

Taiwan's Cybersecurity Researchers
701 Vulnerability Research Lab
  • May 6th (Thu)
  • 10:00 - 10:30
  • 7F 701H

What makes Slack vulnerable to blind SSRF attack

In the cloud era, we usually set proxies to forward messages to the final target service. In the process of messaging forwarding, how could the target service retrieve the IP/Host that the sender was originally used? That is the request headers: X-Forwarded-Host, X-Forwarded-For. In this session, I'll explain the meaning and purpose of the different X-Forwarded-XXX headers. Next, I'll show how the attackers can bypass the IP Ban by the application via the wrong setting of X-Forwarded-For, or even ban other victim's IP. Last, I'll demo the blind SSRF vulnerabilities I found in Slack, which is due to the misconfiguration of the X-Forwarded-Host setting. It should make everyone knows more about the X-Forwarded-XXX headers.

Intermediate
SecDevOps Web SecurityWeb Service Security
Luke

Luke

Software Engineer, IBM

A 10-year experience software engineer, and also have the hacker spirit. Found vulnerabilities on Slack, Google, Facebook.