$10k+5k Web cache poisoning - Github + Firefox - Bug Bounty Reports Explained
Vložit
- čas přidán 2. 06. 2024
- 📧 Subscribe to BBRE Premium: bbre.dev/premium
✉️ Sign up for the mailing list: bbre.dev/nl
📣 Follow me on Twitter: bbre.dev/tw
Today's video is about Web Cache Poisoning attacks found during the yearly research by James Kettle aka albinowax. The bug bounty reports explained in the video come from Github and Mozilla bug bounty programs.
Follow me on twitter:
/ gregxsunday
Video:
• Web Cache Entanglement...
Article:
portswigger.net/research/web-...
Whitepaper:
portswigger.net/kb/papers/c3w...
James' twitter:
/ albinowax
Timestamps:
00:00 Intro
00:27 What is cache?
02:47 basics of cache poisoning
03:54 Github cache poisoning
05:21 Firefox cache poisoning
#cachepoisoning #bugbounty - Věda a technologie
Welcome to the comment section!
First, thanks for watching!
Make sure you are subscribed if you liked the video!
czcams.com/users/BugBountyReportsExplained
Follow me on twitter:
twitter.com/gregxsunday
✉️ Sign up for the mailing list ✉️
mailing.bugbountyexplained.com/
☕️ Support my channel ☕️
www.buymeacoffee.com/bountyexplained
🖥 Get $100 in credits for Digital Ocean 🖥
m.do.co/c/cc700f81d215
Great video! I love the clear explanation and methodical presentation.
thanks! I happy you like it
hii
This is my favourite CZcams channel now
Awesome work bro !!
rply
Thanks man! I got one whose explanation actually comes into my mind
Great to hear that Daniel!
5:07 Is it like Desync attack? Cause the victim is being served our request end of the day?
really informative
good content. 👍👍
😊
At 4:13 I think the body of form-urlencode should be: key=value2 in order to overwrite the key on GET request for poisoning, am i right?
Well, this was a generic example just to explain what fat GET is, but if we go one step further and try to exploit web cache poisoning, indeed we need to overwrite the parameter key.
brother, in the 6:03 min the entry in the 3rd row, is that equivalence correct? I mean why did you disregard the b?
Yes, it's correct.
../ is like coming one directory back
@@BugBountyReportsExplainedthanks for explaining
nice content but i don't understand all of this, i am interested in ethical hacking and bug bounty program where do i have to start? is there any good content on CZcams? please suggest me way.. one question do i need to know the programming for hacking?
you do not need to know programming, but it's useful. For learning, go to OWASP materials and WebSec Academy
Thanks!
thanks for watching!
i think you misspelled referer :D
haha right, I forgot to include this mistake 😂
Referrer is the correct spelling and it was misspelled in the RFC as referer: www.reddit.com/r/ProgrammerHumor/comments/6hbpyl/http_header_referer_was_misspelled_in_the_1996/
❤️
😊
damet garm n1
👌
i was great but i couldn't understand anyway
which part you dont understand?
👍
👌
hii
It's 404 Like :)
where is it? can't find... badum tss
hii
First Comment
first response