[bounty] IOT Issues and DNS Rebinding episode artwork

EPISODE · Dec 19, 2023 · 53 MIN

[bounty] IOT Issues and DNS Rebinding

from Day[0] · host dayzerosec

A mix of issues this week, not traditionally bounty topics, but there are some lessons that can be applied. First is a feature, turned vulnerability in VS Code which takes a look at just abusing intentional functionality. Several XOS bugs with a web-console. A Sonos Era 100 jailbreak which involves causing a particular call to fail, a common bug path we've seen before, and some discussion about doing fast DNS rebinding attacks against Chrome and Safari. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/231.html [00:00:00] Introduction [00:01:00] It’s not a Feature, It’s a Vulnerability [00:13:40] Multiple Vulnerabilities In Extreme Networks ExtremeXOS [00:24:06] Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100 [00:30:08] Tricks for Reliable Split-Second DNS Rebinding in Chrome and Safari [00:46:02] Apache Struts2 文件上传漏洞分析(CVE-2023-50164) - 先知社区 [00:48:49] Blind CSS Exfiltration: exfiltrate unknown web pages [00:51:11] Finding that one weird endpoint, with Bambdas The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9

Episode metadata supplied by the publisher feed · Published Dec 19, 2023

A mix of issues this week, not traditionally bounty topics, but there are some lessons that can be applied. First is a feature, turned vulnerability in VS Code which takes a look at just abusing intentional functionality. Several XOS bugs with a web-console. A Sonos Era 100 jailbreak which involves causing a particular call to fail, a common bug path we've seen before, and some discussion about doing fast DNS rebinding attacks against Chrome and Safari. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/231.html [00:00:00] Introduction [00:01:00] It’s not a Feature, It’s a Vulnerability [00:13:40] Multiple Vulnerabilities In Extreme Networks ExtremeXOS [00:24:06] Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100 [00:30:08] Tricks for Reliable Split-Second DNS Rebinding in Chrome and Safari [00:46:02] Apache Struts2 文件上传漏洞分析(CVE-2023-50164) - 先知社区 [00:48:49] Blind CSS Exfiltration: exfiltrate unknown web pages [00:51:11] Finding that one weird endpoint, with Bambdas The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

[bounty] IOT Issues and DNS Rebinding

0:00 53:44

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Day[0]?

This episode is 53 minutes long.

When was this Day[0] episode published?

This episode was published on December 19, 2023.

What is this episode about?

A mix of issues this week, not traditionally bounty topics, but there are some lessons that can be applied. First is a feature, turned vulnerability in VS Code which takes a look at just abusing intentional functionality. Several XOS bugs with a...

Can I download this Day[0] episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!