Bypass Same Origin Policy - BY-SOP

Bypass Same Origin Policy with DNS-rebinding to retrieve local server file.

EDIT 30/01/2019: Another writeup from a CTF challenge thanks to @limbernie

EDIT 22/01/2018: Another example from @taviso, RCE on Blizzard games using DNS-Rebinding.

EDIT 15/01/2018: @taviso opened a pull request to fix a security issue (Remote Code Execution on Transmission) using this vulnerability. I think it's cool to have a real example of how a hacker can use this attack :)

Goal: retrieve a file on a private server, http://127.0.0.1/secret.txt. This normally should be impossible due to the Same Origin Policy, but we will use a DNS-rebinding attack to bypass the SOP and retrieve the file.

This attack can be used to breach a private network by causing the victim's web browser to access machines at private IP addresses and returning the results to the attacker.

Important: use the same port. For the SOP, 127.0.0.1 is a different origin from 127.0.0.1:8080, and the same goes for http versus https (check this example).
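As an added defensive illustration (not code from this repository), the helpers below show the origin comparison behind the port/scheme note above and the two checks that stop the attack on the receiving end: a Host header allow-list on the local service (the kind of fix applied to Transmission) and a resolver-side filter that drops DNS answers pointing at loopback or private addresses. The port 8080, the host names and the sample DNS answers are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the local service listens on port 8080; these are the only
# Host header values it should ever see from a legitimate client.
ALLOWED_HOSTS = {"localhost:8080", "127.0.0.1:8080", "[::1]:8080"}


def same_origin(url_a: str, url_b: str) -> bool:
    """SOP origin comparison: scheme, host AND port must all match.
    A missing port means the scheme's default (80 for http, 443 for https)."""
    def origin(url: str):
        parts = urlsplit(url)
        default = {"http": 80, "https": 443}.get(parts.scheme)
        return (parts.scheme, parts.hostname, parts.port or default)
    return origin(url_a) == origin(url_b)


def host_header_allowed(host_header: str) -> bool:
    """Host header allow-list for a service bound to 127.0.0.1.

    After a rebinding the browser still sends the attacker's domain in the
    Host header even though the TCP connection reached 127.0.0.1, so a local
    service that only answers requests whose Host is on this list (port
    included) refuses the rebound request."""
    return host_header.strip().lower() in ALLOWED_HOSTS


def is_private_answer(ip: str) -> bool:
    """True if a DNS answer points at a loopback, private or link-local
    address, i.e. an answer a public name should never legitimately return."""
    addr = ipaddress.ip_address(ip)
    return addr.is_private or addr.is_loopback or addr.is_link_local


def drop_rebinding_answers(answers: list[str]) -> list[str]:
    """Resolver-side rebinding protection: keep only answers that stay on the
    public Internet, so a name cannot flip from a public IP to 127.0.0.1."""
    return [ip for ip in answers if not is_private_answer(ip)]


if __name__ == "__main__":
    # Constructed sample: the attacker's name first resolves to a public IP,
    # then (after the TTL expires) to the victim's loopback address.
    rebinding_sequence = ["8.8.8.8", "127.0.0.1"]
    print(drop_rebinding_answers(rebinding_sequence))  # ['8.8.8.8']
    print(host_header_allowed("attacker.example:8080"))  # False
```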

Victim:

Attacker:

Setup


Contributor

mpgn

Licences

licence MIT

References