Episode 1: Introductions, Bug Bounty Reports, and BB Tips

Critical Thinking - Bug Bounty Podcast

Is This a Bug in OctoKit?

GitLab uses this class called Sawyer that sort of like hashes, you know, different IDs and stuff into a format that's used within the code later. So they make an instance of this object and then they're like using it incorrectly. And from there, um, they were able to discover full Redis takeover. They tried getting a netcat shell or a curl or something, but they were blocked by firewalls.
