Abstract

From SSRF to RCE - Yongtao Wang and Yang Zhang (izy), Pegasus Team and XDSEC
SSRF (Server-Side Request Forgery) is not a new technique. Over the past decades, many security researchers have proposed various attack methods.
In our in-depth research, we explored SSRF from another angle and discovered a new attack surface that most developers and security researchers neglect and that will cause considerable security hazards. Drawing on the exploitation tricks from our research, we will delve into the far-reaching effects of similar security issues.
The new attack surface brings a new exploit technique that can lead directly to RCE (Remote Command Execution) with a single exploitation. Based on it, we found many high-risk security flaws in the JDK. In addition, Oracle has already officially acknowledged these vulnerabilities in a critical patch update.
In this talk, we will introduce the principles behind these 0days and their discovery process, and describe them in real-world attack scenarios that have never been noticed. After that, we will release an exploit tool for these vulnerabilities.