CodeQL query to detect RCE via ZipSlip - $5,500 bounty from GitHub Security Lab
April 24, 2023, 2:40 p.m. | Bug Bounty Reports Explained
Bug Bounty Reports Explained www.youtube.com
📰 Article about writing this query and more practical tips: https://members.bugbountyexplained.com/how-to-write-a-new-codeql-query-and-maximise-payout-rce-via-zipslip-query/
✉️ Sign up for the mailing list: https://bbre.dev/nl
📣 Follow me on twitter: https://bbre.dev/tw
This video is an explanation of a CodeQL query to detect RCE via ZipSlip for which GitHub Security Lab rewarded me $5,500.
Pull request with a change: http://github.com/github/codeql/pull/12208
Hackerone report: http://hackerone.com/reports/1914118
🖥 Get $100 in credits for Digital Ocean: https://bbre.dev/do
Timestamps:
00:00 Intro
00:42 Finding the bug
03:57 The …