Several simple bugs with significant impact: an XSS that leads to being able to install apps, CSRF via a Captcha, and a Google IDOR.
Posts tagged 'Bounty Podcast'
Several fun issues this week: a Cobalt Strike RCE, a couple of auth bypasses, and stanza smuggling in Jabber.
This week we look at an insecure deserialization (GitLab), argument injection (Packagist), and insecure string interpolation (Apache Commons Text).
No actual bounties this week, but we start off with a discussion on Semgrep vs. CodeQL, then get into some cool issues that you can start testing for.
Some varied issues this week: a file format allowing JScript for a $20,000 bounty, Akamai cache poisoning, and a universal XSS in Chrome.
Discussion this week around Chrome's Sanitizer API, bypassing firewalls with webhooks and 0days (a ModSecurity bypass), and a pre-auth Bitbucket RCE.
We are back at it, covering some write-ups and exploits we found interesting this summer, from browser-powered desyncs to account takeovers.
Last bounty episode before our summer vacation, and we are ending with some cool issues: XML stanza smuggling in Zoom for a MitM attack, an odd auth bypass, a GitLab stored XSS and gadget-based CSP bypass, and an interesting technique to leverage a path traversal/desync against NGINX Plus.
Kicking off the week with some discussion about the DOJ's policy change before getting into some vulnerabilities: "powerdir", a macOS TCC bypass; an integer overflow on the web; and another attack against HelloSign and its Google Drive integration.
A lot of cool little bugs this week with solid impact: Facebook and Priceline account takeovers, an F5 iControl authentication bypass, and a couple of other logic bugs.