Security researcher earns plaudits after discovering Yandex SSRF flaw

Russian search and internet services giant Yandex has resolved a potentially serious server-side request forgery (SSRF) vulnerability discovered by Egyptian security researcher Momen Ali.

Ali (AKA ‘theCyberGuy’) discovered the vulnerability after a systematic search of Yandex’s infrastructure.

They reported the vulnerability through Yandex’s bug bounty, earning a spot in the organization’s Hall of Fame for November 2021 after the problem was verified and fixed by its development team.

The resolution of the vulnerability cleared the way for Ali to publish a technical blog post explaining his approach to bug bounty hunting, his search to identify potential targets within Yandex’s infrastructure using a variety of Google dorks, and the SSRF vulnerability he eventually uncovered.

The root cause of the vulnerability was a misconfigured server forwarding requests to the hostname specified in the Proxy-Host HTTP header.

“SSRF happened because of injecting HTTP headers such as X-Forwarded-Host, so in my case the SSRF was in HTTP header,” as Ali explained in his write-up.

Ali used a combination of Burp Intruder, Burp Collaborator, and the Nuclei template scanner to uncover and validate the vulnerability.

Server-side fun

SSRF attacks in general allow an attacker to trick a server-side application into making HTTP requests to a destination selected by the attacker, normally for malicious purposes.

This might be done either to siphon off authorization credentials, in some attack scenarios, or to get a server to make a connection to internal-only services within the organization’s infrastructure.

Ali demonstrated that the Yandex SSRF vulnerability posed the latter class of risk without going further and exploring the scope of the problem.
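A defensive sketch of the root cause described above, added here as an example and not taken from Ali's write-up or Yandex's code: the first function reproduces the misconfiguration (routing on a client-supplied header), the second routes only on an allowlisted Host and records any override headers for logging. The upstream names, the allowlist and the sample address are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist: the only upstreams this hypothetical proxy may contact.
ALLOWED_UPSTREAMS = {"api.backend.example", "static.backend.example"}
# Headers any client can set; they must never select the upstream.
OVERRIDE_HEADERS = ("proxy-host", "x-forwarded-host")

def vulnerable_upstream(headers):
    """The misconfiguration: forward to whatever host the client names."""
    h = {k.lower(): v for k, v in headers.items()}
    return h.get("proxy-host") or h.get("x-forwarded-host") or h.get("host")

def parse_host(value):
    """Hostname part of a host[:port] header value, or '' if malformed."""
    try:
        return (urlsplit("//" + value.strip()).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""

def is_internal(host):
    """True for IP literals in loopback, private, link-local or reserved ranges."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a name rather than an IP literal; the allowlist decides
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved

def hardened_upstream(headers):
    """Return (upstream or None, findings). None means reject the request."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name in OVERRIDE_HEADERS:
        if name in h:
            target = parse_host(h[name])
            # Logged for detection; never used for routing.
            findings.append((name, target, is_internal(target)))
    host = parse_host(h.get("host", ""))
    upstream = host if host in ALLOWED_UPSTREAMS else None
    return upstream, findings

if __name__ == "__main__":
    # Constructed request: a legitimate Host plus an injected override header.
    sample = {"Host": "api.backend.example", "Proxy-Host": "10.0.0.5:8080"}
    print("vulnerable ->", vulnerable_upstream(sample))
    print("hardened   ->", hardened_upstream(sample))
```

The findings list is the detection signal: an override header on an edge request, especially one naming an internal address, is worth alerting on even when the routing itself is safe.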

The Daily Swig asked Ali a number of follow-up questions about their research. No word as yet, but we’ll update this story as and when more information comes to hand.

Source: https://portswigger.net/daily-swig/security-researcher-earns-plaudits-after-discovering-yandex-ssrf-flaw
