March 16, 2023

Episode 11: CV$$, Web Cache Deception, and SSTI

The player is loading ...
Episode 11: CV$$, Web Cache Deception, and SSTI
Episode 11: CV$$, Web Cache Deception, and SSTI
Apple Podcasts podcast player badge
Spotify podcast player badge
Castro podcast player badge
RSS Feed podcast player badge
YouTube podcast player badge
Apple Podcasts podcast player iconSpotify podcast player iconCastro podcast player iconRSS Feed podcast player iconYouTube podcast player icon
Season 1

Episode 11: In this episode of Critical Thinking - Bug Bounty Podcast we talk about CVSS (the good, the bad, and the ugly), Web Cache Deception (an underrated vuln class) and a sick SSTI Joel and Fisher found.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

MDSec Outlook Vuln:

https://twitter.com/MDSecLabs/status/1635791863478091778

Jub0bs User-Existance Oracle Tweet:

https://twitter.com/jub0bs/status/1633786349529513986

James Kettle's Tweet About BB ID Header Standardization:

https://twitter.com/albinowax/status/1635951506791755776

15K Snapchat Numeric IDOR:

https://hackerone.com/reports/1819832

Bug Bounty Reports Explained:

https://www.bugbountyexplained.com/

CVSS Calculator:

https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator

 

Web Cache Deception Write-up:

https://www.blackhat.com/docs/us-17/wednesday/us-17-Gil-Web-Cache-Deception-Attack.pdf