Discussion this week around Chrome's Sanitizer API, bypassing firewalls with webhooks and 0days (a ModSecurity bypass), and a pre-auth Bitbucket RCE.
We are back at it, covering some write-ups and exploits we found interesting this summer, from browser-powered desyncs to account takeovers
Last bounty episode before our summer vacation, and we are ending off with some cool issues: XML stanza smuggling in Zoom for a MitM attack, an odd auth bypass, a GitLab stored XSS and gadget-based CSP bypass, and an interesting technique to leverage a path traversal/desync against NGINX Plus.
Kicking off the week with some discussion about the DOJ's policy change before getting into some vulnerabilities: "powerdir", a macOS TCC bypass; an integer overflow on the web; and another attack against HelloSign and their Google Drive integration.
A lot of cool little bugs this week with some solid impact: Facebook and Priceline account takeovers, an F5 iControl authentication bypass, and a couple of other logic bugs.
Some interesting vulnerabilities this week, from a Cloudflare Pages container escape chain, to hacking a bank's web application with some neat tricks to abuse a file write in a hardened environment, and even another dumb smart-contract bug.
Some straightforward bugs this week with some interesting discussion around cryptographic protocols (VMware Workspace), XSS in the Web3 world, and whether container escapes into a low-privileged VM matter, along with a couple of noteworthy test cases to keep in mind while bug hunting.
An interesting mix of issues, from crypto (Psychic Signatures), to a bad vulnerability patching service (patching Log4Shell), to bad logic leading to authentication bypasses and leaked sensitive keys.
Short episode this week, looking at some relatively simple vulnerabilities ranging from XSS to leaking internal service credentials in AWS Relational Database Service by disabling validation.
Quick bounty episode this week with some request smuggling, abusing an SSRF for client-side impact, a weird OAuth flow, and a desktop VPN client LPE.