March 19, 2024, 11 a.m. | DAY[0]

DAY[0] www.youtube.com

In this week's bounty episode, an attack takes an XSS to RCE on Mailspring, a simple MFA bypass is covered, and a CRLF injection in .NET's FTP functionality is detailed.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/251.html

[00:00:00] Introduction
[00:00:20] Making Desync attacks easy with TRACE
[00:16:01] Reply to calc: The Attack Chain to Compromise Mailspring
[00:35:29] $600 Simple MFA Bypass with GraphQL
[00:38:38] Microsoft .NET CRLF Injection Arbitrary File Write/Deletion Vulnerability [CVE-2023-36049]

Podcast episodes …
