all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

217 - Insecure Firewalls, MyBB, and Winning with WinRAR [Bug Bounty Podcast]

Add to bookmarks
Oct. 10, 2023, noon | DAY[0]

DAY[0] www.youtube.com

This week we've got some fun issues, including a WinRAR processing bug that results in code execution due (imo) to a filename adjustment when extracting that isn't performed consistently. A MyBB admin-panel RCE, fairly privileged bug but I think the bug pattern could appear elsewhere and is something to watch out for, And several silly issues in a "next-gen" firewall, including source disclosures and RCEs from the login page.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/217.html …

admin admin-panel bounty bug bug bounty code code execution filename firewalls fun imo insecure isn mybb panel podcast privileged rce results week winning winrar

Visit resource

More from www.youtube.com / DAY[0]

253 - A Retrospective and Future Look Into DAY[0] 1 week, 5 days ago | www.youtube.com
air bounty change future +5
252 - Bypassing KASLR and a FortiGate RCE [Binary Exploitation Podcast] 1 month, 1 week ago | www.youtube.com
aslr binary binary exploitation bypass +23
251 - RCE'ing Mailspring and a .NET CRLF Injection [Bug Bounty Podcast] 1 month, 1 week ago | www.youtube.com
attack attack chain attacks bounty +16
Future of Exploit Development Follow-up (Episode 250) 1 month, 2 weeks ago | www.youtube.com
corruption development exploit exploit development +9
249 - libXPC to Root and Digital Lockpicking [Bug Bounty Podcast] 1 month, 2 weeks ago | www.youtube.com
android authentication authentication bypass bounty +22
248 - Binary Ninja Free and K-LEAK [Binary Exploitation Podcast] 1 month, 3 weeks ago | www.youtube.com
automated binary binary exploitation binary ninja +13
247 - Hacking Google AI and SAML [Bug Bounty Podcast] 1 month, 3 weeks ago | www.youtube.com
auth authentication authentication bypass automated +25
246 - Rust Memory Corruption??? [Binary Exploitation Podcast] 2 months ago | www.youtube.com
access array binary binary exploitation +21
245 - A PHP and Joomla Bug and some DOM Clobbering [Bug Bounty Podcast] 2 months ago | www.youtube.com
api bounty bug bug bounty +20

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Senior Security Researcher

@ Microsoft | Redmond, Washington, United States
View on infosec-jobs.com

Sr. Cyber Risk Analyst

@ American Heart Association | Dallas, TX, United States
View on infosec-jobs.com

Cybersecurity Engineer 2/3

@ Scaled Composites, LLC | Mojave, CA, US
View on infosec-jobs.com

Information Security Operations Manager

@ DP World | Charlotte, NC, United States
View on infosec-jobs.com

Sr Cyber Security Engineer I

@ Staples | Framingham, MA, United States
View on infosec-jobs.com

Security Engineer - Heartland (Remote)

@ GuidePoint Security LLC | Remote in the US
View on infosec-jobs.com
View more jobs