171 - Tailscale RCE, an SQLi in PAM360, and Exploiting Backstage [Bug Bounty Podcast]

Some RCE chains starting with DNS rebinding, always fun to see, a fairly basic SQL injection, and a JS sandbox escape for RCE in Spotify.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/171.html

[00:00:00] Introduction
[00:00:38] RCE in Tailscale, DNS Rebinding, and You [CVE-2022-41924]
[00:17:55] SQL Injection in ManageEngine Privileged Access Management [CVE-2022-40300]
[00:22:34] Unauthenticated Remote Code Execution in Spotify’s Backstage
[00:36:28] Till REcollapse
[00:41:19] Chat Question: Alternatives to IDA Freeware

The DAY[0] Podcast episodes are streamed …

backstage bounty bug bug bounty exploiting podcast rce sqli tailscale