May 05, 2020

Auth Bypass, XSS, RCE and more

2 hours 20 minutes

Authentication bypasses, SQL injection, command injection, and more in this web-exploit heavy episode.

[00:09:11] Facebook v. NSO Group

[00:18:14] Netsweeper PreAuth RCE

[00:25:49] SaltStack authorization bypass

https://github.com/saltstack/salt/blob/0b2a5613b345f17339cb90e60b407199b3d26980/salt/master.py#L1139

[00:42:02] E-Learning Platforms Getting Schooled

https://github.com/LearnPress/learnpress/commit/d6f818b5f65b007acbdf62236d4aa549fb33d24a?diff=split

[01:03:54] Roblox - Subdomain Takeover

[01:08:09] Fix XSS issue in handling of CDATA in HTML messages · roundcube/roundcubemail@87e4cd0 · GitHub

[01:10:13] Stealing the Trello token by abusing a cross-iframe XSS on the Butler Plugin

[01:17:11] Gitlab - Arbitrary file read via the UploadsRewriter when moving and issue

[01:20:15] Researching Polymorphic Images for XSS on Google Scholar

[01:27:41] TP-LINK Cloud Cameras Multiple Vulnerabilities

https://seclists.org/fulldisclosure/2020/May/3

https://seclists.org/fulldisclosure/2020/May/4

[01:34:46] Remote Code Execution on Microsoft SharePoint Using TypeConverters [CVE-2020-0932]

[01:43:03] Firefox js::ReadableStreamCloseInternal Out-Of-Bounds Access

[01:51:56] Siguza - iOS <13.5 sandbox escape/entitlement 0day

[02:03:16] Honeysploit: Exploiting the Exploiters

[02:15:13] Guy's 30 Reverse Engineering Tips & Tricks

[02:16:45] Remote Code Execution on Nintendo 64 through Morita Shogi 64

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])

...more

View all episodes

By dayzerosec

1010 ratings

May 05, 2020

Auth Bypass, XSS, RCE and more

2 hours 20 minutes

Authentication bypasses, SQL injection, command injection, and more in this web-exploit heavy episode.

[00:09:11] Facebook v. NSO Group

[00:18:14] Netsweeper PreAuth RCE

[00:25:49] SaltStack authorization bypass

https://github.com/saltstack/salt/blob/0b2a5613b345f17339cb90e60b407199b3d26980/salt/master.py#L1139

[00:42:02] E-Learning Platforms Getting Schooled

https://github.com/LearnPress/learnpress/commit/d6f818b5f65b007acbdf62236d4aa549fb33d24a?diff=split

[01:03:54] Roblox - Subdomain Takeover

[01:08:09] Fix XSS issue in handling of CDATA in HTML messages · roundcube/roundcubemail@87e4cd0 · GitHub

[01:10:13] Stealing the Trello token by abusing a cross-iframe XSS on the Butler Plugin

[01:17:11] Gitlab - Arbitrary file read via the UploadsRewriter when moving and issue

[01:20:15] Researching Polymorphic Images for XSS on Google Scholar

[01:27:41] TP-LINK Cloud Cameras Multiple Vulnerabilities

https://seclists.org/fulldisclosure/2020/May/3

https://seclists.org/fulldisclosure/2020/May/4

[01:34:46] Remote Code Execution on Microsoft SharePoint Using TypeConverters [CVE-2020-0932]

[01:43:03] Firefox js::ReadableStreamCloseInternal Out-Of-Bounds Access

[01:51:56] Siguza - iOS <13.5 sandbox escape/entitlement 0day

[02:03:16] Honeysploit: Exploiting the Exploiters

[02:15:13] Guy's 30 Reverse Engineering Tips & Tricks

[02:16:45] Remote Code Execution on Nintendo 64 through Morita Shogi 64

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])

...more

More shows like Day[0]

View all

Critical Thinking - Bug Bounty Podcast

56 Listeners

Share Auth Bypass, XSS, RCE and more

Sign up to save your podcasts

Auth Bypass, XSS, RCE and more

Auth Bypass, XSS, RCE and more

More shows like Day[0]

Critical Thinking - Bug Bounty Podcast