A variety of issues this week: DOM Clobbering, argument injection, a filesystem race condition, cross-site scripting, and a normalization-based auth bypass.
Some RCE chains starting with DNS rebinding, always fun to see, a fairly basic SQL injection, and a JS sandbox escape for RCE in Spotify.
This week has the return of cross-site tracing, HTML injection, a Go-specific vulnerable code pattern, and a fun case-sensitivity auth bypass.
A Pixel Lockscreen bypass and some discussion about dupes in bug bounty, then a long RCE chain, and a look at client-side path traversals.
Several slightly weird issues this week: a reentrancy attack abusing a read-only function, SSRF and XSS through a statically generated website, among others.
Several simple bugs with significant impacts: an XSS that leads to being able to install apps, CSRF via a Captcha, and a Google IDOR.
Several fun issues this week, from a Cobalt Strike RCE, a couple of auth bypasses, and stanza smuggling in Jabber.
This week we look at an insecure deserialization (GitLab), argument injection (Packagist), and insecure string interpolation (Apache Commons Text).
No actual bounties this week, but we start off with a discussion of Semgrep vs. CodeQL, then get into some cool issues that you can start testing for.
Some varied issues this week: a file format allowing JScript for a $20,000 bounty, Akamai cache poisoning, and a universal XSS in Chrome.