Y
Hacker News
new
|
ask
|
show
|
jobs
by
homakov
3400 days ago
> SSRF is an extremely bad vulnerability; it's usually game-over on penetration tests
It's usually not. What can you do via HTTP protocol inside the network? Check out ssrf bible.
1 comments
greenleafjacob
3400 days ago
You can smuggle memcached text protocol over HTTP if you can insert a linefeed. I think tptacek meant "bad vulnerability" as in serious, not trivial.
link
homakov
3400 days ago
SSRF usually happens inside a request library that doesn't allow linefeeds. SSRF in general is serious, but HTTP GET SSRF is useless on most hosts.
link