EPISODE · Sep 20, 2022 · 1H 15M
[bounty] Reading GitLab Hidden HackerOne Reports and Golang Parameter Smuggling
from Day[0] · host dayzerosec
We are back at it, covering some write-ups and exploits we found interesting this summer. From browse-powered desyncs, to account take overs. Links are available on our website at: https://dayzerosec.com/podcast/reading-gitlab-hidden-hackerone-reports-and-golang-parameter-smuggling.html [00:02:17] Ridiculous vulnerability disclosure process with CrowdStrike Falcon Sensor [00:15:03] [GitLab] Able to view hackerone report attachments [00:26:59] Forwarding addresses is hard [CVE-2022-31813] [00:32:18] "ParseThru" – Exploiting HTTP Parameter Smuggling in Golang [00:46:41] Browser-Powered Desync Attacks [01:09:30] Scraping the bottom of the CORS barrel (part 1)
What this episode covers
We are back at it, covering some write-ups and exploits we found interesting this summer. From browse-powered desyncs, to account take overs. Links are available on our website at: https://dayzerosec.com/podcast/reading-gitlab-hidden-hackerone-reports-and-golang-parameter-smuggling.html [00:02:17] Ridiculous vulnerability disclosure process with CrowdStrike Falcon Sensor [00:15:03] [GitLab] Able to view hackerone report attachments [00:26:59] Forwarding addresses is hard [CVE-2022-31813] [00:32:18] "ParseThru" – Exploiting HTTP Parameter Smuggling in Golang [00:46:41] Browser-Powered Desync Attacks [01:09:30] Scraping the bottom of the CORS barrel (part 1)
NOW PLAYING
[bounty] Reading GitLab Hidden HackerOne Reports and Golang Parameter Smuggling
No transcript for this episode yet
Similar Episodes
Sep 22, 2023 ·20m
Sep 22, 2023 ·20m
Sep 22, 2023 ·27m
Sep 22, 2023 ·14m
Sep 22, 2023 ·24m
Sep 22, 2023 ·22m