Server-Side Request Forgery (SSRF) Explained And Demonstrated

You rocked the SSRF

YOUR LESSON ROCKS!!! shout out from Indonesia 🙏🏼

I created notes of this video and it fits exactly on 1 A4 piece of paper and clear thanks for the explanation Yang

The first words you spoke was for CSRF not for SSRF

Till now I thought this can be done only in terminal & burpsuite. learned something new thx

Great info as usual, thank you from 🇩🇿

This man is seriously the goat

Thanks Teacher Loi liang for the great tutorial🍷

Thank you Loi Liang Yang for this wonderful tutorial!

Sir you are really a Pro Hacker...
Pls also teach
Rce, LFI, Blind Sql and Xss also Admin based Vulnerabilities!

All respect for you 🙏

All respect for you

Nice video bro 👍👍

Good video, but its a vulnerable web and easy to exploit. show it on a real world website, which have the high security.

ThankYou Sir.

Where did you get the web goat for testing that. Shout out me I'm from Philippines

Spotted Orange Tsai!

change you camera angel sir

Sir can you say what we can do for this PAHD attack, kindly please help us Sir.

Sir,what tool did you use?

you are the best thanks.

great you are the best

Thank you keep going

Greetz from indonesia sir
.
xrelax Security team

Sir, is "CSRF" and "SSRF" are the same thing?

i know there is no 100% security but what i can do for maximum web protection (i still use php and mysql in my website)

it workes like API isnt it?
so I meant we would induce the application to fetch watever we want by chsnging the parameter that relevent to fetching info from server.
is that right?

What is the tool that he used again?

thanks for sharing

So nice

Yo bro is there any way you can help me I was hacked and who ever hacked me rooted my device I have never connected my phone to a computer how is that possible oh another thing one time I looked up my ip and I was redirected to centOS website

You too much bro. 👍😎

nice

people should be ashamed for not subscribing

1st

Cool

some of them work on google and fb

You play minecraft 😳?

My head hurts

TRANSLATE SPANISH BRO PLEASE ? :(

💪🔥💪

first

Wich method of User crackers passworld

Bro I would pay you if you helped me figure out who is fucking with my phone excuse my language..

you sound like the fried rice guy

Webgoat is a website is that ur own?

Sz

666

I am putting "file:///etc/passwd" in a parameter value & I am getting 405 Method Not Allowed response from an NGINX server. Does it mean, it's vulnerable?

webgoat????

Can you help me when merging the payload with any application and when compiling them it appears error: no such file or directory @ rb_sysopen - /tmp/d20210608-3154-19n4sci/aligned.apk Give me a solution please

Dear friend, put this kind of hack right on it through Metasplite video
use auxiliary/gather/android_htmlfileprovider
2- set LHOST
3- set LPORT
ifconfig

Thank you keep going

Thank you keep going