Feb. 28, 2023, 9 p.m. | DAY[0]

DAY[0] www.youtube.com

Parameter pollution for an auth bypass, SQL injection in an ORM, CRLF injection for a WAF bypass... this episode has a great mix of issues.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/191.html

[00:00:00] Introduction
[00:00:26] OpenEMR - Remote Code Execution in your Healthcare System
[00:10:13] Vulnerability write-up - "Dangerous assumptions"
[00:18:05] Chat Question: How do we find topics for the podcast?
[00:19:22] Exploiting Parameter Pollution in Golang Web Apps
[00:24:10] Using CRLF Injection to Bypass a Web …

