
Episode 19: Audit Code, Earn Bounties (Part 2) + Zip-Snip, Sitecore, and more!
Critical Thinking - Bug Bounty Podcast
How to Do Source Code Review
A source is something like an input parameter or maybe a request handler would be your source function. And then the sink is going to be the function that returns a response to the HTTP server, right? So basically starting from someplace, some path, sinking in another place. A great example of a good sink would be the Python exec function or the Python subprocess Popen function or execute functions in C. The reason why you want to get your data there is because you can pivot and gain greater access control.
Play episode from 33:09
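
Added example (not from the episode): a minimal source-to-sink check for code review, built on Python's ast module, that reports calls to exec or subprocess.Popen whose arguments trace back to a function parameter. Treating every parameter as a source, the flow-insensitive propagation, and the names SAMPLE, ping, run and find_flows are assumptions made for illustration.

```python
import ast
# Sinks named in the excerpt.
SINKS = {"exec", "subprocess.Popen"}

# Constructed sample of code under review; it is parsed, never executed.
SAMPLE = '''
import subprocess
def ping(host):
    cmd = "ping -c 1 " + host
    label = "fixed"
    subprocess.Popen(cmd, shell=True)
    subprocess.Popen(["echo", label])
def run(snippet):
    exec(snippet)
'''

def call_name(node):
    """Dotted name of a call target, e.g. 'subprocess.Popen'."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    return ".".join(reversed(parts))

def names_in(node):
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}

def find_flows(source_code):
    """Return (function, sink, line) for each sink call fed by a source."""
    findings = []
    for func in ast.walk(ast.parse(source_code)):
        if not isinstance(func, ast.FunctionDef):
            continue
        # Assumption: every parameter of the function is a source.
        tainted = {a.arg for a in func.args.args}
        before = None
        while before != tainted:  # propagate through assignments to a fixpoint
            before = set(tainted)
            for n in ast.walk(func):
                if isinstance(n, ast.Assign) and names_in(n.value) & tainted:
                    tainted |= set().union(*map(names_in, n.targets))
        for n in ast.walk(func):
            if isinstance(n, ast.Call) and call_name(n.func) in SINKS:
                args = list(n.args) + [k.value for k in n.keywords]
                if any(names_in(a) & tainted for a in args):
                    findings.append((func.name, call_name(n.func), n.lineno))
    return sorted(findings, key=lambda f: f[2])
```

The Popen call built from the constant label is not reported, because nothing on its path comes from a parameter; each reported line is a candidate for manual review, not a confirmed finding.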


