091 - WebSocket Hijacking, GitHub review bypass and SQLi to RCE [Bug Bounty Podcast]

preview_player
Показать описание

Just a handful of traditional vulns this week: IDOR, CSRF, SQLi, a logic vuln and zi's boomer side starts to show.

[00:00:00] Introduction
[00:00:18] Remote Chaos Experience
[00:03:30] [Concrete CMS] Stored unauth XSS in calendar event via CSRF
[00:08:47] ‘Websocket Hijacking’ to steal Session_ID of victim users
[00:14:17] IDOR + Account Takeover leads to PII leakage
[00:27:27] Bypassing required reviews using GitHub Actions
[00:33:20] How I Escalated a Time-Based SQL Injection to RCE

The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

The audio-only version of the podcast is available on:

#BugBounty #Podcast
  1. DAY[0]
Рекомендации по теме
091 - WebSocket 0:45:48

091 - WebSocket Hijacking, GitHub review bypass and SQLi to RCE [Bug Bounty Podcast]

Elliot Ward - 0:30:01

Elliot Ward - Realtime Communications, Realtime Risks

098 - A 1:01:28

098 - A too trusty TrustZone and a few Linux Kernel bugs [Binary Exploitation Podcast]

Kali Linux Harvester: 0:07:48

Kali Linux Harvester: Fix and Install On Kali Linux

What is BurpSuite? 0:01:34

What is BurpSuite? | BurpSuite Tutorial

Interactive Brokers Web 0:28:54

Interactive Brokers Web API [Part 1] - Docker Tutorial

Cómo ganar siempre 1:28:16

Cómo ganar siempre al Poker: Testing de Web Sockets con OWASP ZAP

Django channels + 0:18:06

Django channels + React real time White board application | Websocket + Django channels + React

KnoxvilleJS: How to 1:08:45

KnoxvilleJS: How to hack your own systems by Jared Smith

🔴 Free Dofollow 0:51:20

🔴 Free Dofollow Backlinks From Cloudflare Pages And Cloudflare Workers

Bug Bounty in 0:00:59

Bug Bounty in Android using Termux | How to find Website Subdomains using ☢︎︎Subfinder in termux ?...

Auditing docker images 0:13:48

Auditing docker images with python and anchore

HackTheBox - Soccer 0:36:36

HackTheBox - Soccer

What is an 0:08:38

What is an API in Hindi

Why Running kubelet 0:33:18

Why Running kubelet on your Vacuum Robot is (not) a Good Idea - Christian Simon, Jetstack

JENKINS - Build 0:12:40

JENKINS - Build Jobs and Other Activities Through Jenkins CLI

Web Server Home 0:25:59

Web Server Home Automation Part 02 - Using Nodemcu ESP8266

Create a White 0:45:25

Create a White Board Application using React Js + Django channels , WebSockets

Installations of LUA 0:22:03

Installations of LUA HTTP LIBRARIES IN ANDROID | Full Tutorial | Error Fix | Termux

HackTheBox - Chainsaw 0:53:55

HackTheBox - Chainsaw

HTTP // Live 1:10:03

HTTP // Live #33

How to create 0:01:49

How to create Temporary Email 2024 - Temp Email Tutorial

Free Workshop: Getting 1:40:06

Free Workshop: Getting Started with Playwright for Modern Web Automation on 13th Oct 2024

34C3 2017 1:01:42

34C3 2017 BBSs and early Internet access in the 1990ies