153 - Web3 Universal XSS, Breaking BitBucket, and WAF Bypasses
Discussion this week around Chrome's Sanitizer API, and bypassing firewalls with webhooks and 0days (ModSecurity bypass), and a pre-auth BitBucket RCE.
152 - An iOS Bug, Attacking Titan-M, and MTE Arrives
This week we've got some summer highlights: the impact of MTE on Android, an iOS vuln and some primitive chaining in a Titan M exploit
151 - Reading GitLab Hidden HackerOne Reports and Golang Parameter Smuggling
We are back at it, covering some write-ups and exploits we found interesting this summer. From browse-powered desyncs, to account take overs
150 - Fuchsia OS, Printer Bugs, and Hacking Radare2
Some silly issues in radare2, some printer hacking, some kernel vulnerabilities, and a look at exploiting Fuchsia OS on this weeks episode. Just as a reminder this will be our last episode until September.
149 - A Zoom RCE, VMware Auth Bypass, and GitLab Stored XSS
Last bounty episode before our summer vacation, and we are ending off with some cool issues. XML Stanza smuggling in Zoom for a MitM attack, an odd auth bypass, a Gitlab Stored XSS and gadget based CSP bypass, and an interesting technique to leverage a path traversal/desync against NGINX Plus
148 - Pwn2Own, Parallels Desktop, and an AppleAVD Bug
Just a couple vulnerabilities to talk about this week, but some interesting things to talk about in them. We also have some discussion about this year's pwn2own results and a couple things that caught out attention.
147 - Stealing DropBox Google Drive Tokens, a GitLab Bug, and macOS "Powerdir" Vulnerability
Kicking off the week with some discussion about DOJ's policy change before getting into some vulnerabilities: "powerdir" a macOS TCC bypass, an integer overflow on the web, and another attack against HelloSign and their Google Drive integration
146 - Python 3 UAF and PS4/PS5 PPPoE Kernel Bug
We have a couple normally low-impact bugs in Solana rBPF this week netting a $200k bounty, a Python 2.7+ Use-After-Free and a PS4 and PS5 remote kernel heap overflow along with some discussion about exploitability and usability for a jailbreak.
145 - Yanking Rubygems, BIG-IP Auth Bypass, and a Priceline Account Takeover
A lot of cool little bugs this week with some solid impact, Facebook and Priceline account takeovers, F5 iControl Authentication Bypass, and a couple other logic bugs.
144 - Pwn2Owning Routers and Anker Eufy Bugs
Just a few vulnerabilities this week, but we have some codeql discussion as its used to find several vulnerabilities in Accel-PPP VPN server, and a look at a bug submitted to Pwn2Own 2021.