all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

195 - Stealing Secrets with Security Advisories and CorePlague [Bug Bounty Podcast]

Add to bookmarks
March 14, 2023, 8 p.m. | DAY[0]

DAY[0] www.youtube.com

A few varied issues this week, exploiting an apparently unexploitable CRLF injection, organization secrets exposure in GitHub, and a Jenkins XSS.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/195.html

[00:00:00] Introduction
[00:00:25] Abusing Hop-by-Hop Header to Chain A CRLF Injection Vulnerability
[00:04:26] HubSpot Full Account Takeover in Bug Bounty
[00:12:22] Unauthorized access to organization secrets in GitHub
[00:17:39] CorePlague: Severe Vulnerabilities in Jenkins Server Lead to RCE
[00:26:37] Firefly: a smart black-box fuzzer for web applications testing …

abusing access account account takeover applications bounty box bug bug bounty crlf injection vulnerability exploiting exposure fuzzer github header hubspot injection introduction jenkins organization podcast rce secrets security security advisories server smart stealing takeover unauthorized access vulnerabilities vulnerability web web applications xss

Visit resource

More from www.youtube.com / DAY[0]

253 - A Retrospective and Future Look Into DAY[0] 1 week, 6 days ago | www.youtube.com
air bounty change future +5
252 - Bypassing KASLR and a FortiGate RCE [Binary Exploitation Podcast] 1 month, 1 week ago | www.youtube.com
aslr binary binary exploitation bypass +23
251 - RCE'ing Mailspring and a .NET CRLF Injection [Bug Bounty Podcast] 1 month, 1 week ago | www.youtube.com
attack attack chain attacks bounty +16
Future of Exploit Development Follow-up (Episode 250) 1 month, 2 weeks ago | www.youtube.com
corruption development exploit exploit development +9
249 - libXPC to Root and Digital Lockpicking [Bug Bounty Podcast] 1 month, 2 weeks ago | www.youtube.com
android authentication authentication bypass bounty +22
248 - Binary Ninja Free and K-LEAK [Binary Exploitation Podcast] 1 month, 3 weeks ago | www.youtube.com
automated binary binary exploitation binary ninja +13
247 - Hacking Google AI and SAML [Bug Bounty Podcast] 1 month, 3 weeks ago | www.youtube.com
auth authentication authentication bypass automated +25
246 - Rust Memory Corruption??? [Binary Exploitation Podcast] 2 months ago | www.youtube.com
access array binary binary exploitation +21
245 - A PHP and Joomla Bug and some DOM Clobbering [Bug Bounty Podcast] 2 months ago | www.youtube.com
api bounty bug bug bounty +20

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Cyber Security Culture – Communication and Content Specialist

@ H&M Group | Stockholm, Sweden
View on infosec-jobs.com

Container Hardening, Sr. (Remote | Top Secret)

@ Rackner | San Antonio, TX
View on infosec-jobs.com

GRC and Information Security Analyst

@ Intertek | United States
View on infosec-jobs.com

Information Security Officer

@ Sopra Steria | Bristol, United Kingdom
View on infosec-jobs.com

Casual Area Security Officer South Down Area

@ TSS | County Down, United Kingdom
View on infosec-jobs.com
View more jobs