[bounty] Reading GitLab Hidden HackerOne Reports and Golang Parameter Smuggling episode artwork

EPISODE · Sep 20, 2022 · 1H 15M

[bounty] Reading GitLab Hidden HackerOne Reports and Golang Parameter Smuggling

from Day[0] · host dayzerosec

We are back at it, covering some write-ups and exploits we found  interesting this summer. From browse-powered desyncs, to account take  overs.   Links are available on our website at:  https://dayzerosec.com/podcast/reading-gitlab-hidden-hackerone-reports-and-golang-parameter-smuggling.html  [00:02:17] Ridiculous vulnerability disclosure process with CrowdStrike Falcon Sensor [00:15:03] [GitLab] Able to view hackerone report attachments [00:26:59] Forwarding addresses is hard [CVE-2022-31813] [00:32:18] "ParseThru" – Exploiting HTTP Parameter Smuggling in Golang [00:46:41] Browser-Powered Desync Attacks [01:09:30] Scraping the bottom of the CORS barrel (part 1)

Episode metadata supplied by the publisher feed · Published Sep 20, 2022

We are back at it, covering some write-ups and exploits we found  interesting this summer. From browse-powered desyncs, to account take  overs.   Links are available on our website at:  https://dayzerosec.com/podcast/reading-gitlab-hidden-hackerone-reports-and-golang-parameter-smuggling.html  [00:02:17] Ridiculous vulnerability disclosure process with CrowdStrike Falcon Sensor [00:15:03] [GitLab] Able to view hackerone report attachments [00:26:59] Forwarding addresses is hard [CVE-2022-31813] [00:32:18] "ParseThru" – Exploiting HTTP Parameter Smuggling in Golang [00:46:41] Browser-Powered Desync Attacks [01:09:30] Scraping the bottom of the CORS barrel (part 1)

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

[bounty] Reading GitLab Hidden HackerOne Reports and Golang Parameter Smuggling

0:00 1:15:20

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Day[0]?

This episode is 1 hour and 15 minutes long.

When was this Day[0] episode published?

This episode was published on September 20, 2022.

What is this episode about?

We are back at it, covering some write-ups and exploits we found  interesting this summer. From browse-powered desyncs, to account take  overs.   Links are available on our website at:...

Can I download this Day[0] episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!