Starting off the week strong we have a CSS injection turned full-read SSRF, and a MyBB exploit chain from XSS to server-side code injection. And we've got a couple auth token disclosures to end off the episode.
Posts tagged 'Bounty Podcast'
We've got a cloud focused episode this week, starting with a logging bypass in AWS CloudTrail, a SSH Key injection, and cross-tenant data access in Azure Cognitive Search.
This week kicks off with another look at client-side path traversal attacks, this time with some more case-studies. Then we get into some mobile issues, one a cool desync between DER processors resulting in an iOS privilege escalation. The other a Bundle processing issue in Android that provides an almost use-after-free like primitive but in Java.
First episode of the new year, and we've got some cool stuff. Several authentication issues and "class pollution" in Python.
Is Pwn2Own worth it for bug bounty hunters? A handful of trivial command injections, and some awesome WAF bypasses.
A variety of issues this week, DOM Clobbering, argument injection, a filesystem race condition, cross-site scripting, and a normalization-based auth bypass.
Some RCE chains starting with DNS rebinding, always fun to see, a fairly basic SQL injection, and a JS sandbox escape for RCE in Spotify.
This week has the return of cross-site tracing, HTML injection, a golang specific vulnerable code pattern, and a fun case-sensitivity auth bypass.
A Pixel Lockscreen bypass and some discussion about dupes in bug bounty, then a long RCE chain, and a look at client-side path traversals.
Several slightly weird issues this week, a reentrancy attack abusing a read-only function, SSRF and XSS through a statically generated website and others.