What happens when a vendor refused to fix your bug? Well you can go claim a bunch of bounties with it. We also talk about some novel request smuggling research on this episode.
We are joined by Bastian Gruber to start the episode with a discussion about Rust. Then we'll dive into a few interesting vulnerabilities this week including yet another ECDSA implementation issue and some header smuggling research.
A discussion heavy episode this week, starting off with the "new" Trojan Source attackers, and then talking about a handful of interesting vulnerabilities.
Just four bugs this week, but that all are somewhat interesting, from an Instagram 2FA removal, deanonymizing Slack users, a MySQL bug, and how to get cheap reddit coins.
A simple to exploit path traversal in Apache...in 2021, a one-time-password defeat by having it be send to the attacker and victim, and more JWT issues.
A few interesting issues this week, ranging from a macOS Gatekeeper bypass, some oauth flow issues in Facebook, and even an RCE through the password field.
Some drama with the VMWare bounty program, and then a few straight forward vulnerabilities and a really cool Azure Container Instances escape and takeover.
Multiple account takeover vulnerabilities in this episode with three cross-origin communication vulnerabilities in Facebook, an odd OTP endpoint in SnapChat and an open redirect in JetBrains leaking your JWT.