Luke

CYBERSEC 2021 uses cookies to provide you with the best user experience possible. By continuing to use this site, you agree to the terms in our Privacy Policy. I Agree

May 4-6 at Taipei Nangang Exhibition Center, Hall 2

Software Engineer, IBM

A 10-year experience software engineer, and also have the hacker spirit. Found vulnerabilities on Slack, Google, Facebook.

Taiwan's Cybersecurity Researchers

701 Vulnerability Research Lab

May 6th (Thu)
10:00 - 10:30
7F 701H

What makes Slack vulnerable to blind SSRF attack
Chinese Onsite

In this session, I'll explain the meaning and purpose of the different X-Forwarded-XXX headers. Next, I'll show how the attackers can bypass the IP Ban by the application via the wrong setting of X-Forwarded-For, or even ban other victim's IP. Last, I'll demo the blind SSRF vulnerabilities I found in Slack, which is due to the misconfiguration of the X-Forwarded-Host setting. It should make everyone knows more about the X-Forwarded-XXX headers.

SecDevOpsWeb SecurityWeb Service Security

May 4-6 at Taipei Nangang Exhibition Center, Hall 2

Luke

Taiwan's Cybersecurity Researchers

701 Vulnerability Research Lab

May 6th (Thu)

10:00 - 10:30

7F 701H

What makes Slack vulnerable to blind SSRF attack
Chinese Onsite

CYBERSEC 2021

CYBERSEC EXPO

CYBER TAIWAN PAVILION

Contact

Quick Link

May 4-6 at Taipei Nangang Exhibition Center, Hall 2

Luke

Share

Taiwan's Cybersecurity Researchers

701 Vulnerability Research Lab

May 6th (Thu)

10:00 - 10:30

7F 701H

What makes Slack vulnerable to blind SSRF attack Chinese Onsite

What makes Slack vulnerable to blind SSRF attack
Chinese Onsite