Trust Ur Knowledge: XSPA/SSRF - Yahoo! as an Example

dimanche 1 décembre 2013

XSPA/SSRF - Yahoo! as an Example


XSPA: Cross-Site Port Attacks
SSRF: Server Side Request Forgery


XSPA allows attackers to abuse available functionality in most web applications to port scan intranet and external Internet facing servers, fingerprint internal (non-Internet exposed) network aware services, perform banner grabbing, identify web application frameworks, exploit vulnerable programs, run code on reachable machines, exploit web application vulnerabilities listening on internal networks, read local files using the file protocol and much more.

Source and more infos:

Example: Yahoo!

By the way i've reported this as a bug (Bug Bounty Program 2013) to Yahoo Security Team, and check their response:

Happy Hacking !!

Aucun commentaire:

Enregistrer un commentaire