Client-side path traversal #bugbounty #bugbountytips #bugbountyhunter
Full video: https://youtu.be/o2rj0utFZvg
📕 The full case study:
📧 Subscribe to BBRE Premium: https://bbre.dev/premium
✉️ Sign up for the mailing list: https://bbre.dev/nl
📣 Follow me on Twitter: https://bbre.dev/tw
This video is a part of the CSRF case study where I extracted all the disclosed CSRF reports from the Internet and I studied them to adjust my CSRF bug hunting methodology. This free part of the case study covers the SameSite attribute and its impact on reports.
🖥 Get $100 in credits for Digital Ocean: https://bbre.dev/do
Reports mentioned in the video:
https://lokeshdlk77.medium.com/facebook-sms-captcha-was-vulnerable-to-csrf-attack-8db537b1e980
https://github.com/cymtrick/lol/blob/d17ed765129b26a1bf8060757e5aebd4e237c908/_posts/2016-09-20-Facebook-partners-CSRF.md
https://yeuchimse.com/csrf-protection-bypass-in-atlassian-confluence-server/
https://bugs.xdavidhu.me/google/2021/04/05/i-built-a-tv-that-plays-all-of-your-private-youtube-videos/
https://youtu.be/miQvovD3c04
https://ermetic.com/blog/azure/emojideploy-smile-your-azure-web-service-just-got-rced/
https://gitlab.com/gitlab-org/gitlab/-/issues/365427
https://youtu.be/z27bkSMARA8
https://webs3c.com/t/csrf-leads-to-account-takeover-in-yahoo/93
Видео Client-side path traversal #bugbounty #bugbountytips #bugbountyhunter канала Bug Bounty Reports Explained
📕 The full case study:
📧 Subscribe to BBRE Premium: https://bbre.dev/premium
✉️ Sign up for the mailing list: https://bbre.dev/nl
📣 Follow me on Twitter: https://bbre.dev/tw
This video is a part of the CSRF case study where I extracted all the disclosed CSRF reports from the Internet and I studied them to adjust my CSRF bug hunting methodology. This free part of the case study covers the SameSite attribute and its impact on reports.
🖥 Get $100 in credits for Digital Ocean: https://bbre.dev/do
Reports mentioned in the video:
https://lokeshdlk77.medium.com/facebook-sms-captcha-was-vulnerable-to-csrf-attack-8db537b1e980
https://github.com/cymtrick/lol/blob/d17ed765129b26a1bf8060757e5aebd4e237c908/_posts/2016-09-20-Facebook-partners-CSRF.md
https://yeuchimse.com/csrf-protection-bypass-in-atlassian-confluence-server/
https://bugs.xdavidhu.me/google/2021/04/05/i-built-a-tv-that-plays-all-of-your-private-youtube-videos/
https://youtu.be/miQvovD3c04
https://ermetic.com/blog/azure/emojideploy-smile-your-azure-web-service-just-got-rced/
https://gitlab.com/gitlab-org/gitlab/-/issues/365427
https://youtu.be/z27bkSMARA8
https://webs3c.com/t/csrf-leads-to-account-takeover-in-yahoo/93
Видео Client-side path traversal #bugbounty #bugbountytips #bugbountyhunter канала Bug Bounty Reports Explained
Комментарии отсутствуют
Информация о видео
23 марта 2024 г. 18:00:02
00:00:57
Другие видео канала
These privilege escalation endpoints are overlooked feat. Douglas Day #bugbounty #bugbountytips #bug
Can you get bounties for DoS bugs? feat. doomerhunter #bugbounty #bugbountytips #bugbountyhunter
Trailer - HTTP feature you did not know about #bugbounty #bugbountytips #bugbountyhunter
The best bug bounty advice of 2024 feat. Douglas Day #bugbounty #bugbountytips #bugbountyhunter
Going full-time bug bounty, privilege escalation bugs and more with Douglas Day
$25,000 GitHub pages RCE via YAML file - Bug Bounty Reports Explained
$28K Apple Shortcuts IDOR
That’s why most people are bad at code review feat. Louis Nyffenegger #bugbounty #bugbountytips
Node.js’ strange behaviour leads to request smuggling #bugbounty #bugbountytips #bugbountyhunter
Time spent on a target feat. @rhynorater #bugbounty #bugbountytips #bugbountyhunter
Shoutout to Bugcrowd support #bugbounty #bugbountytips #bugbountyhunter
Stealing all your cookies from your mobile Firefox browser - Bug Bounty Reports Explained
Finding criticals in mobile apps - Joel Margolis (0xteknogeek) from @criticalthinkingpodcast
$3,500 Gitlab SSRF by DNS rebinding with bypass explained - Hackerone
This bug could crash your Instagram app #bugbounty #bugbountytips #bugbountyhunter
A method for finding 0days feat. Louis Nyffenegger #bugbounty #bugbountytips #bugbountyhunter
How to report a bug across multiple endpoints to not get screwed feat. Douglas Day #bugbounty #bugbo
A hunter shares exact stats and earnings of his first 12 months of hunting feat. Shreyas Chavhan #bu
Many bug hunters forget about this feat. @rez0 #bugbounty #bugbountytips #bugbountyhunter
The best and worst moments of my bug bounty career #bugbounty #bugbountytips #bugbountyhunter
Turning SQL injection in MySQL into file read #bugbounty #bugbountytips #bugbountyhunter
