Re-accessing the setup page, an unlikely scenario leaking GitHub Secrets, and a proxying issue in Carbon Black.
Let's talk about "sidedoors" this week, with two vulnerabilities abusing alternative access points, along with an overly verbose error message that actually had some immediate impact, and a look at the challenges of client-side sessions.
CSRF lives again in the form of CORF, Cross-Origin Request Forgery with an attack against Grafana. We also take a look at some baby monitor issues and a de-anonymization attack against Twitter.
A "maybe" issue this week in Ruby's net/http library, some long chains leading to XSS, and a look at abusing parameter injection for SSRF in applications integrating with the Google Drive API.
A few unique issues this week: routing issues in ManageEngine, a Little Snitch bypass, and undecodable characters leading to a denial of service.
A new security-related Humble Bundle, MFA bypass in Box, and a few older-style vulnerabilities: LFI to RCE, allow-list bypass with an @ sign, and insecure random number seeds.
This week is a shorter episode looking at some bad code in mermaid.js and Moodle's Shibboleth plugin, and a bit of research regarding URL parsing issues.
More cases of developers making insecure assumptions and getting owned because of it. This week we've got a Flickr account takeover, escalating restricted SSRF into something more useful, and XSS to RCE in Rocket.Chat.
Log4Shell RCE spawns a lot of discussion this episode, but we also look at a W10 RCE, Google SSRF and some CSS injection in uBlock.
Some readily understood vulnerabilities, but with some interesting impacts, from escalating self-XSS to cross-account CSRF, data exfiltration with CSS, web-cache poisoning and MFA bypassing.