Sign up to save your podcasts
Or
Share [bounty] Reading GitLab Hidden HackerOne Reports and Golang Parameter Smuggling
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
![Day[0]](https://podcast-api-images.s3.amazonaws.com/corona/show/870239/logo_300x300.jpeg){kind=logo}
[bounty] Reading GitLab Hidden HackerOne Reports and Golang Parameter Smuggling
We are back at it, covering some write-ups and exploits we found interesting this summer. From browse-powered desyncs, to account take overs.
Links are available on our website at: https://dayzerosec.com/podcast/reading-gitlab-hidden-hackerone-reports-and-golang-parameter-smuggling.html
[00:02:17] Ridiculous vulnerability disclosure process with CrowdStrike Falcon Sensor
[00:15:03] [GitLab] Able to view hackerone report attachments
[00:26:59] Forwarding addresses is hard [CVE-2022-31813]
[00:32:18] "ParseThru" – Exploiting HTTP Parameter Smuggling in Golang
[00:46:41] Browser-Powered Desync Attacks
[01:09:30] Scraping the bottom of the CORS barrel (part 1)
View all episodes
By dayzerosec
4
1010 ratings
We are back at it, covering some write-ups and exploits we found interesting this summer. From browse-powered desyncs, to account take overs.
Links are available on our website at: https://dayzerosec.com/podcast/reading-gitlab-hidden-hackerone-reports-and-golang-parameter-smuggling.html
[00:02:17] Ridiculous vulnerability disclosure process with CrowdStrike Falcon Sensor
[00:15:03] [GitLab] Able to view hackerone report attachments
[00:26:59] Forwarding addresses is hard [CVE-2022-31813]
[00:32:18] "ParseThru" – Exploiting HTTP Parameter Smuggling in Golang
[00:46:41] Browser-Powered Desync Attacks
[01:09:30] Scraping the bottom of the CORS barrel (part 1)
More shows like Day[0]
View all
Critical Thinking - Bug Bounty Podcast
56 Listeners