Episode 11: CV$$, Web Cache Deception, and SSTI
Critical Thinking - Bug Bounty Podcast
00:00
How to Score a Vulnerability With CVS
There's no barrier. The barrier is just one extra step that requires me to do something for free with no verification. There are some scenarios where a company will say, hey, if you have to verify your email, then that is PR low. So there's definitely some ways to eke it out. One of the other things that I kind of wanted to shout out since we're talking about CVS is the attack vector metric. You can make a strong argument for a decently scored vulnerability based off of selecting these metrics.
Transcript
Play full episode
