$10k+5k Web cache poisoning - Github + Firefox - Bug Bounty Reports Explained

  • Published: 22 Dec 2024

Comments • 40

  • @BugBountyReportsExplained 3 years ago +3

    Welcome to the comment section!
    First, thanks for watching!
    Make sure you are subscribed if you liked the video!
    ruclips.net/user/BugBountyReportsExplained
    Follow me on twitter:
    twitter.com/gregxsunday
    ✉️ Sign up for the mailing list ✉️
    mailing.bugbountyexplained.com/
    ☕️ Support my channel ☕️
    www.buymeacoffee.com/bountyexplained
    🖥 Get $100 in credits for Digital Ocean 🖥
    m.do.co/c/cc700f81d215

  • @yashmehta9816 4 years ago +6

    Great video! I love the clear explanation and methodical presentation.

  • @debprasadbanerjee5005 1 year ago

    5:07 Is it like a desync attack? 'Cause the victim is being served our request at the end of the day?

  • @attitalks 4 years ago

    This is my favourite RUclips channel now

  • @danieltamang2289 3 years ago

    Thanks man! I got one whose explanation actually comes into my mind

  • @AnPham-uz3td 4 years ago +1

    At 4:13, I think the body of form-urlencode should be: key=value2 in order to overwrite the key on the GET request for poisoning, am I right?

    • @BugBountyReportsExplained 4 years ago +2

      Well, this was a generic example just to explain what fat GET is, but if we go one step further and try to exploit web cache poisoning, indeed we need to overwrite the parameter key.

  • @krishanuchhabra 4 years ago

    Awesome work, bro!!

  • @jaywandery9269 10 months ago

    Brother, in the 6:03 min, the entry in the 3rd row, is that equivalence correct? I mean, why did you disregard the b?

    • @BugBountyReportsExplained 10 months ago +1

      Yes, it's correct.
      ../ is like coming one directory back

    • @jaywandery9269 10 months ago

      @BugBountyReportsExplained thanks for explaining

  • @TheThunderSpirit 4 years ago +2

    good content. 👍👍

  • @internetandcomputerprobe4426 3 years ago

    really informative

  • @gf384 4 years ago

    Thanks!

  • @apnadekhtu 4 years ago

    Nice content, but I don't understand all of this. I am interested in ethical hacking and bug bounty programs; where do I have to start? Is there any good content on RUclips? Please suggest me a way. One question: do I need to know programming for hacking?

    • @BugBountyReportsExplained 4 years ago

      You do not need to know programming, but it's useful. For learning, go to OWASP materials and WebSec Academy.

  • @simonkoeck 4 years ago +6

    I think you misspelled referer :D

    • @BugBountyReportsExplained 4 years ago +2

      haha right, I forgot to include this mistake 😂

    • @geri_revay 4 years ago

      Referrer is the correct spelling and it was misspelled in the RFC as referer: www.reddit.com/r/ProgrammerHumor/comments/6hbpyl/http_header_referer_was_misspelled_in_the_1996/

  • @hdphoenix29 4 years ago +1

    Well done, n1

  • @0x000void 4 years ago +1

    👍

  • @ca7986 4 years ago +2

    ❤️

  • @blueman1592 4 years ago

    It was great but I couldn't understand anyway

  • @sysrootsysroot2743 3 years ago

    hii

  • @abrakadabra0072 4 years ago

    It's 404 Like :)

  • @medhamid8003 4 years ago +1

    First Comment