1/1/2024

Video to gif imgur

Imgur's staff have closed a critical security issue that allowed attackers to use its service to send spam and even shut down some features of its service.

Ukrainian security researcher Eugene Farfel (aesteral) brought the issue to Imgur's attention via the company's bug bounty program hosted on the HackerOne bug bounty platform.

At its core, the problem is an SSRF (Server-Side Request Forgery) vulnerability that affected Imgur's Video to GIF service at /vidgif. This service takes a simple URL as user input. Imgur then parses this link in order to discover videos on the page and, using its proprietary technology, converts them into a GIF image.

Imgur did not blacklist certain link types from its Video to GIF service

Under the hood, Imgur sends out a cURL request using the libcurl library to retrieve the page's content. Farfel discovered that Imgur does not filter out various "dangerous" protocols when parsing this URL, so instead of issuing requests just for HTTP or HTTPS links, Imgur also sends out requests for content via other protocols.

In his tests, the researcher discovered that he could initiate requests for protocols such as SSH, POP3, IMAP, SMTP, FTP, SFTP, TFTP, DICT, and GOPHER.

Farfel created a proof-of-concept Web server where he hosted a netcat server. Netcat is a networking utility for reading or writing network connections.

By telling Imgur to start a connection to his malicious server via SFTP, he was able to detect what kind of software Imgur's servers were using. This allowed him to find out what libcurl and libssh2 versions the server was running, information that could allow him to search for security vulnerabilities to which those versions are susceptible. He could later mount an attack on Imgur's infrastructure, possibly taking over servers if Imgur staff ever forgot to update their software.

Sneaky URL redirect opens SMTP sessions on Imgur's server

Secondly, he discovered that while Imgur did some filtering on the user input URLs, he could bypass those filters by creating a redirect on his server. He told Imgur to retrieve a URL from his site, which would pass the URL input filters, but when Imgur's libcurl retrieved the page's content, it would be redirected to another malicious URL that would have been blocked if fed directly to Imgur.

In his proof of concept, Farfel used a redirect to a malicious GOPHER link that then started TELNET chat-sessions. This allowed the researcher to access any kind of TELNET-based protocols, such as SMTP, and use Imgur's servers to send out emails on his behalf, something that spam campaign operators would have greatly appreciated.

Simple method of shutting down Imgur's Video to GIF service

Additionally, the researcher discovered that by pointing Imgur's Video to GIF service to a special port in his firewall that blocked FTP requests, he could induce a DoS (Denial of Service) state.
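
A defensive sketch of the check that was missing, as an added example (not Imgur's code and not Farfel's proof of concept): it allowlists HTTP and HTTPS and re-validates every redirect target before following it, which is the hop the input filter did not cover. The `transport` callable, the `*.example` hosts and the sample responses are constructed assumptions; with libcurl itself the corresponding controls are `CURLOPT_PROTOCOLS` and `CURLOPT_REDIR_PROTOCOLS`.

```python
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # the only protocols a page fetcher needs
MAX_REDIRECTS = 5
REDIRECT_CODES = (301, 302, 303, 307, 308)


class BlockedURL(Exception):
    """Raised when any hop of a fetch violates the URL policy."""


def check_url(url):
    """Reject a URL whose scheme is not allowlisted or that has no host."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise BlockedURL(f"scheme {parts.scheme!r} not allowed: {url}")
    if not parts.hostname:
        raise BlockedURL(f"no host in URL: {url}")
    return url


def safe_fetch(url, transport):
    """Fetch url, applying check_url to the first URL and to every redirect.

    transport(url) -> (status, headers, body) is a hypothetical function that
    performs ONE request and never follows redirects on its own.
    """
    for _ in range(MAX_REDIRECTS + 1):
        check_url(url)
        status, headers, body = transport(url)
        if status not in REDIRECT_CODES:
            return url, body
        location = headers.get("Location")
        if not location:
            raise BlockedURL(f"redirect without Location from {url}")
        url = urljoin(url, location)  # resolve relative targets, then re-check
    raise BlockedURL("too many redirects")


# Constructed responses standing in for the network, so this runs offline.
SAMPLE = {
    "http://media.example/clip": (200, {}, b"<video>"),
    "http://media.example/old": (302, {"Location": "/clip"}, b""),
    "http://redirector.example/r": (302, {"Location": "gopher://internal.example:25/"}, b""),
}


def fake_transport(url):
    return SAMPLE[url]
```

The first URL in the third sample passes the filter on its own; the fetch is refused only because the `Location` target is checked again before any connection is made.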