EPISODE · Mar 29, 2025 · 31 MIN

Portswigger Interesting Vulnerabilities Submissions

from Tech Unplugged

This podcast covers a range of cybersecurity vulnerabilities and attack techniques. One source details the reverse engineering of an Android application leading to a remote code execution exploit. Another explores a novel perspective on Server-Side Request Forgery for account takeover. Cross-Window Forgery, a new class of web attack exploiting HTML ID attributes, is also examined. Additionally, the increasing cyber threats to EV charging infrastructure and the role of penetration testing in mitigating them are discussed. Research into exploiting "unexploitable" aspects of Kibana, including remote code execution and prototype pollution, is presented. Furthermore, the concept of smuggling SQL injection queries at the protocol level is explored, alongside vulnerabilities in database wire protocols. DoubleClickjacking, a new UI redressing attack bypassing clickjacking protections, is introduced. Client-Side Path Traversal leading to Cross-Site Request Forgery is another vulnerability discussed, along with hijacking OAuth flows via cookie tossing. Techniques for red teaming Identity Providers like OneLogin and Ping are outlined. Finally, various old and new email attack methods, including address parsing inconsistencies and SMTP injection, are analyzed, and a source code disclosure vulnerability in ASP.NET applications through cookieless sessions is described.

Frequently Asked Questions

How long is this episode of Tech Unplugged?

This episode is 31 minutes long.

When was this Tech Unplugged episode published?

This episode was published on March 29, 2025.
