One cookie set on a subdomain triggered XSS and stole session tokens. One fake image upload gave the attacker a reverse shell.

This episode breaks down two powerful exploits—a cookie-based XSS that bypassed frontend protections, and an RCE through Ghostscript triggered by a disguised PostScript file.

Learn how subtle misconfigurations turned everyday features into full account and server compromise.

Chapters:

00:00 - INTRO

01:08 - FINDING #1 - Cookie-Controlled XSS

12:19 - FINDING #2 - Image Upload to RCE via Ghostscript

19:03 - OUTRO

Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!

🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us → [email protected]
🔗 Podcast Website → Website Link