153 - Web3 Universal XSS, Breaking BitBucket, and WAF Bypasses

Discussion this week around Chrome's Sanitizer API, and bypassing firewalls with webhooks and 0days (ModSecurity bypass), and a pre-auth BitBucket RCE. Links and summaries are available at https://ift.tt/gjclvYf [00:00:00] Introduction [00:00:31] Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library [00:10:31] Breaking Bitbucket: Pre Auth Remote Command Execution [CVE-2022-36804] [00:16:25] [Chrome] Sanitizer API bypass via prototype pollution [00:23:02] How we Abused Repository Webhooks to Access Internal CI Systems at Scale [00:35:03] WAF bypasses via 0days [00:42:40] Cloning internal Google repos for fun and… info? [00:43:19] How to turn security research into profit: a CL.0 case study
Hello and welcome to the temple of cybersecurity. Now you are watching 153 - Web3 Universal XSS, Breaking BitBucket, and WAF Bypasses published at September 27, 2022 at 03:00PM. For more hacking info and free hacking tutorials visit: https://ift.tt/mTScwq3 follow us on:
Youtube: https://www.youtube.com/channel/UCiu1SUqoBRbnClQ5Zh9-0hQ/
Whatsapp: https://ift.tt/vc94yJ3
Reddit: https://ift.tt/AI5hPed
Telegram: https://ift.tt/UJ9PXTc
NFT store: https://mintable.app/u/cha0smagick
Twitter: https://twitter.com/freakbizarro
Facebook: https://web.facebook.com/sectempleblogspotcom/
Discord: https://discord.gg/wKuknQA



Ignore tags:
#hacking,#infosec,#tutorial,#bugbounty,#threat,#hunting,#pentest,#hacked,#ethical,#hacker,#cyber,#learn,#security,#computer,#pc,#news