GET operations are usually inevitable in most web exploits and the replacement of schemes in a target URL could result in different outcomes for an attacker.
This presentation discusses an attack route via URL schemes. We will first briefly cover the background of URL and URI schemes, their inherent similarities and differences. We then move on to see how we can use and abuse URL schemes to extend attack surfaces and overcome limitations in current SSRF and XXE attack methods.
Additionally we will introduce the URL scheme attack surfaces exposed via different browsers on various platforms and analyze client vulnerabilities that can result from rendering these URL schemes. We will also would disclose a brand new 0day in Mozilla Firefox’s web browser that results in arbitrary code execution.