163 - A Galaxy Store Bug, Facebook CSRF, and Google IDOR [Bug Bounty Podcast]

Several simple bugs with significant impacts, XSS to being able to install apps, CSRFing via a Captcha, and a Google IDOR.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/163.html
[00:00:00] Introduction[00:00:29] Defcon Talks are Available[00:03:10] Galaxy Store Applications Installation/Launching without User Interaction[00:08:49] Facebook SMS Captcha Was Vulnerable to CSRF Attack[00:15:32] Google Data Studio Insecure Direct Object Reference[00:21:06] HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding
The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities  and exploits.