$20,000 RCE in GitLab via 0day in exiftool metadata processing library CVE-2021-22204

Поделиться
HTML-код
  • Опубликовано: 15 июл 2024
  • ✉️ Get the 6th issue of the newsletter: mailing.bugbountyexplained.com/6
    📧 Subscribe to BBRE Premium: bbre.dev/premium
    📣 Follow me on Twitter: bbre.dev/tw
    🖥 Get $100 in credits for Digital Ocean 🖥
    m.do.co/c/cc700f81d215
    This video is an explanation of bug bounty report submitted to GitLab by William Bowling. The vulnerability was a remote code execution by a malicious image metadata. The bug existed in exiftool library and was assigned CVE-2021-22204.
    Report:
    hackerone.com/reports/1154542
    devcraft.io/2021/05/04/exifto...
    Reporter's twitter:
    / wcbowling
    Follow me on twitter:
    / gregxsunday
    Timestamps:
    00:00 Intro
    00:54 What is metadata?
    02:41 How exiftool handled \"
    06:16 The exploit
  • НаукаНаука

Комментарии • 21

  • @BugBountyReportsExplained
    @BugBountyReportsExplained  3 года назад +2

    Hi you! Welcome to the comment section. I hope you liked the video😏
    Sign up for BBRE newsletter here to receive the next premium issue for free: mailing.bugbountyexplained.com/

  • @-bubby9633
    @-bubby9633 2 года назад

    Amazingly explained as usual! To think that one tiny detail (i.e. $ being end of string of a newline char) was the course of a 0-day. Didn't even know that simple detail about $ myself but will definitely use it from here on out. Just shows how important regex knowledge is when it comes to bug hunting

  • @vassoharalambous5982
    @vassoharalambous5982 3 года назад

    Amazingg content as usual! makes you think about how many other vulnerabilities exisit

  • @soumyapoddar4711
    @soumyapoddar4711 3 года назад

    Thank you

  • @kakishare9237
    @kakishare9237 3 года назад

    wow thnks man

  • @ahmadshami5847
    @ahmadshami5847 3 года назад +4

    jeez Regex bugs are really something when it comes to critical vulnerability! Yet I couldn't get my head around the complexity of the Regex rules 😂. anyways great video really well explained 👌👌

    • @BugBountyReportsExplained
      @BugBountyReportsExplained  3 года назад +2

      yeah regexes are everywhere. They are not as hard as they seem and it's worth the time to learn them

    • @ahmadshami5847
      @ahmadshami5847 3 года назад

      @@BugBountyReportsExplained yes I am trying my best, but I wanna ask you if you know of any online labs that offer online labs of vulnerable Regex apps cuz I tend to learn from online labs more

    • @BugBountyReportsExplained
      @BugBountyReportsExplained  3 года назад +2

      @@ahmadshami5847 I think you should do normal regex lessons and once you understand them you will be able to find vulnerable regexes in many different vuln classes

    • @ahmadshami5847
      @ahmadshami5847 3 года назад

      @@BugBountyReportsExplained okay cool thanks man 👌

  • @cybersecurity3523
    @cybersecurity3523 3 года назад

    Good bro

  • @imherovirat
    @imherovirat 2 года назад

    Straight above the head

  • @marcinphone6162
    @marcinphone6162 3 года назад +1

    Could you scale the screenshoot to whole screen. It will be useful for mobile watching. Thx

  • @alissonpelcer4317
    @alissonpelcer4317 3 года назад

    How i can learn bug bouty zero to advanceed? u pass path?

    • @united1206
      @united1206 3 года назад

      Be optimized or you will fail

Следующие
Автовоспроизведение
$16k Stealing secrets.yaml from GitLab using stored XSS - Hackerone bug bounty9:48$16k Stealing secrets.yaml from GitLab using stored XSS - Hackerone bug bounty
$16k Stealing secrets.yaml from GitLab using stored XSS - Hackerone bug bountyBug Bounty Reports Explained
Просмотров 6 тыс.
$130,000+ Learn New Hacking Technique in 2021 - Dependency Confusion - Bug Bounty Reports Explained11:12$130,000+ Learn New Hacking Technique in 2021 - Dependency Confusion - Bug Bounty Reports Explained
$130,000+ Learn New Hacking Technique in 2021 - Dependency Confusion - Bug Bounty Reports ExplainedBug Bounty Reports Explained
Просмотров 14 тыс.
$25,000 Stealing GitHub API token with a malicious pull request10:06$25,000 Stealing GitHub API token with a malicious pull request
$25,000 Stealing GitHub API token with a malicious pull requestBug Bounty Reports Explained
Просмотров 4,3 тыс.
ANUEL AA, YOVNGCHIMI - Baby Demon (Video Oficial)05:12ANUEL AA, YOVNGCHIMI - Baby Demon (Video Oficial)
ANUEL AA, YOVNGCHIMI - Baby Demon (Video Oficial)Anuel AA
Просмотров 4,4 млн
CANADA vs USA | USAB SHOWCASE | FULL GAME HIGHLIGHTS | July 10, 202410:45CANADA vs USA | USAB SHOWCASE | FULL GAME HIGHLIGHTS | July 10, 2024
CANADA vs USA | USAB SHOWCASE | FULL GAME HIGHLIGHTS | July 10, 2024NBA
Просмотров 8 млн
My Puzzle Robot is 200x Faster Than a Human21:21My Puzzle Robot is 200x Faster Than a Human
My Puzzle Robot is 200x Faster Than a HumanMark Rober
Просмотров 7 млн
I Played Minecraft’s Official 15 Year Anniversary Map32:02I Played Minecraft’s Official 15 Year Anniversary Map
I Played Minecraft’s Official 15 Year Anniversary MapaCookieGod
Просмотров 780 тыс.
Creating a YouTube TV that could steal your private videos - $6,000 CSRF9:06Creating a YouTube TV that could steal your private videos - $6,000 CSRF
Creating a YouTube TV that could steal your private videos - $6,000 CSRFBug Bounty Reports Explained
Просмотров 4,3 тыс.
$2,500 Leaking parts of private Hackerone reports - timeless cross-site leaks10:14$2,500 Leaking parts of private Hackerone reports - timeless cross-site leaks
$2,500 Leaking parts of private Hackerone reports - timeless cross-site leaksBug Bounty Reports Explained
Просмотров 4,7 тыс.
Extract iPhone and Android EXIF metadata from online photos using PYTHON // OSINT with Kali Linux17:03Extract iPhone and Android EXIF metadata from online photos using PYTHON // OSINT with Kali Linux
Extract iPhone and Android EXIF metadata from online photos using PYTHON // OSINT with Kali LinuxDavid Bombal
Просмотров 188 тыс.
Log4j RCE vulnerability explained with bypass for the initial fix (CVE-2021-44228, CVE-2021-45046)14:28Log4j RCE vulnerability explained with bypass for the initial fix (CVE-2021-44228, CVE-2021-45046)
Log4j RCE vulnerability explained with bypass for the initial fix (CVE-2021-44228, CVE-2021-45046)Bug Bounty Reports Explained
Просмотров 10 тыс.
What functionalities are vulnerable to SSRFs? Case study of 124 bug bounty reports19:58What functionalities are vulnerable to SSRFs? Case study of 124 bug bounty reports
What functionalities are vulnerable to SSRFs? Case study of 124 bug bounty reportsBug Bounty Reports Explained
Просмотров 14 тыс.
Adding infinite funds to your Steam wallet - $7,500 bug bounty report8:52Adding infinite funds to your Steam wallet - $7,500 bug bounty report
Adding infinite funds to your Steam wallet - $7,500 bug bounty reportBug Bounty Reports Explained
Просмотров 30 тыс.
$28k IDOR that broke Apple Shortcuts - Apple bug bounty8:04$28k IDOR that broke Apple Shortcuts - Apple bug bounty
$28k IDOR that broke Apple Shortcuts - Apple bug bountyBug Bounty Reports Explained
Просмотров 6 тыс.
WhatsApp - a malicious GIF that could execute code on your smartphone - Bug Bounty Reports Explained10:38WhatsApp - a malicious GIF that could execute code on your smartphone - Bug Bounty Reports Explained
WhatsApp - a malicious GIF that could execute code on your smartphone - Bug Bounty Reports ExplainedBug Bounty Reports Explained
Просмотров 33 тыс.
Strange File in Downloads Folder? Gootloader Malware Analysis30:20Strange File in Downloads Folder? Gootloader Malware Analysis
Strange File in Downloads Folder? Gootloader Malware AnalysisJohn Hammond
Просмотров 682 тыс.
ВОЗМОЖНО ЛИ ПОЧИСТИТЬ КЛАВИАТУРУ КЛЕЕМ?🤔 #shorts01:00ВОЗМОЖНО ЛИ ПОЧИСТИТЬ КЛАВИАТУРУ КЛЕЕМ?🤔 #shorts
ВОЗМОЖНО ЛИ ПОЧИСТИТЬ КЛАВИАТУРУ КЛЕЕМ?🤔 #shortsWinden
Просмотров 10 млн
Лучший Fold 6, Flip 6, Galaxy Watch и Buds: обзор всех новинок Unpacked 202416:50Лучший Fold 6, Flip 6, Galaxy Watch и Buds: обзор всех новинок Unpacked 2024
Лучший Fold 6, Flip 6, Galaxy Watch и Buds: обзор всех новинок Unpacked 2024BIG GEEK
Просмотров 56 тыс.
Clicks чехол-клавиатура для iPhone ⌨️00:59Clicks чехол-клавиатура для iPhone ⌨️
Clicks чехол-клавиатура для iPhone ⌨️serg1us
Просмотров 2 млн
Windows 7. 15 лет спустя. Что она ЕЩЁ может?15:50Windows 7. 15 лет спустя. Что она ЕЩЁ может?
Windows 7. 15 лет спустя. Что она ЕЩЁ может?Daniel Myslivets
Просмотров 46 тыс.
ЗАКОПАЛ НОВЫЙ ТЕЛЕФОН!!!🎁😱00:28ЗАКОПАЛ НОВЫЙ ТЕЛЕФОН!!!🎁😱
ЗАКОПАЛ НОВЫЙ ТЕЛЕФОН!!!🎁😱Alex Voroshilow
Просмотров 15 тыс.
New setup part 3: There's still a lot to add #setup #gamer #gameroom #techhouse #gamingtech00:50New setup part 3: There's still a lot to add #setup #gamer #gameroom #techhouse #gamingtech
New setup part 3: There's still a lot to add #setup #gamer #gameroom #techhouse #gamingtechMaccaGames
Просмотров 2,2 млн
Мой инст: denkiselef. Как забрать телефон через экран.00:54Мой инст: denkiselef. Как забрать телефон через экран.
Мой инст: denkiselef. Как забрать телефон через экран.Денис Киселев
Просмотров 2,3 млн
ХУДШАЯ ВИДЕОКАРТА ДЛЯ ПОКУПКИ!?🤬17:22ХУДШАЯ ВИДЕОКАРТА ДЛЯ ПОКУПКИ!?🤬
ХУДШАЯ ВИДЕОКАРТА ДЛЯ ПОКУПКИ!?🤬Daniil Gerasimov
Просмотров 67 тыс.