Deleting Rubygems, BIG-IP Auth Bypass, and a Priceline Account Takeover [Bug Bounty Podcast]


A lot of cool little bugs this week with some solid impact: Facebook and Priceline account takeovers, F5 iControl Authentication Bypass, and a couple other logic bugs.

Links and vulnerability summaries for this episode are available at: https://ift.tt/Z2OGo95

[00:00:00] Introduction
[00:01:55] rubygems CVE-2022-29176 explained
[00:06:09] Multiple bugs chained to takeover Facebook Accounts which uses Gmail
[00:15:16] [curl] curl removes wrong file on error [CVE-2022-27778]
[00:18:33] [Priceline] Account takeover via Google OneTap
[00:22:14] F5 iControl REST Endpoint Authentication Bypass Technical Deep Dive
[00:29:02] The Underrated Bugs, Clickjacking, CSS Injection, Drag-Drop XSS, Cookie Bomb, Login+Logout CSRF…
[00:30:20] Hunting evasive vulnerabilities

The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

The audio-only version of the podcast is available on:
-- Apple Podcasts: https://ift.tt/NJq15p3
-- Spotify: https://ift.tt/iKOM8nq
-- Google Podcasts: https://ift.tt/JM9IvWp
-- Other audio platforms can be found at https://ift.tt/KvRZWOY

You can also join our discord: https://ift.tt/CavVbBS

Or follow us on Twitter (@dayzerosec) to know when new releases are coming.


Hello and welcome to the temple of cybersecurity. You are now watching Deleting Rubygems, BIG-IP Auth Bypass, and a Priceline Account Takeover [Bug Bounty Podcast], published on May 17, 2022 at 03:00PM.


