
Episode 27: Top 7 Esoteric Web Vulnerabilities
Critical Thinking - Bug Bounty Podcast
00:00
The Elite Hacker's Mindset
The first entry of the timeline is a CVE from 2005 that links to a Secless disclosure back in the wild west days when this used to be like a mailing list. Bitquark, after before long years of waiting, has released a short scan tool for exploiting IIS servers with Windows short names. This can help you enumerate any file or folder on an IIS server and then try to get the full path, not just the full name, which isn't available yet.