EPISODE · Dec 19, 2023 · 53 MIN
[bounty] IOT Issues and DNS Rebinding
from Day[0] · host dayzerosec
A mix of issues this week, not traditionally bounty topics, but there are some lessons that can be applied. First is a feature, turned vulnerability in VS Code which takes a look at just abusing intentional functionality. Several XOS bugs with a web-console. A Sonos Era 100 jailbreak which involves causing a particular call to fail, a common bug path we've seen before, and some discussion about doing fast DNS rebinding attacks against Chrome and Safari. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/231.html [00:00:00] Introduction [00:01:00] It’s not a Feature, It’s a Vulnerability [00:13:40] Multiple Vulnerabilities In Extreme Networks ExtremeXOS [00:24:06] Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100 [00:30:08] Tricks for Reliable Split-Second DNS Rebinding in Chrome and Safari [00:46:02] Apache Struts2 文件上传漏洞分析(CVE-2023-50164) - 先知社区 [00:48:49] Blind CSS Exfiltration: exfiltrate unknown web pages [00:51:11] Finding that one weird endpoint, with Bambdas The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9
What this episode covers
A mix of issues this week, not traditionally bounty topics, but there are some lessons that can be applied. First is a feature, turned vulnerability in VS Code which takes a look at just abusing intentional functionality. Several XOS bugs with a web-console. A Sonos Era 100 jailbreak which involves causing a particular call to fail, a common bug path we've seen before, and some discussion about doing fast DNS rebinding attacks against Chrome and Safari. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/231.html [00:00:00] Introduction [00:01:00] It’s not a Feature, It’s a Vulnerability [00:13:40] Multiple Vulnerabilities In Extreme Networks ExtremeXOS [00:24:06] Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100 [00:30:08] Tricks for Reliable Split-Second DNS Rebinding in Chrome and Safari [00:46:02] Apache Struts2 文件上传漏洞分析(CVE-2023-50164) - 先知社区 [00:48:49] Blind CSS Exfiltration: exfiltrate unknown web pages [00:51:11] Finding that one weird endpoint, with Bambdas The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9
NOW PLAYING
[bounty] IOT Issues and DNS Rebinding
No transcript for this episode yet
Similar Episodes
Sep 22, 2023 ·20m
Sep 22, 2023 ·20m
Sep 22, 2023 ·27m
Sep 22, 2023 ·14m
Sep 22, 2023 ·24m
Sep 22, 2023 ·22m