Episode 13: How to Find a Good BBP + Acropalypse + ZDI
Critical Thinking - Bug Bounty Podcast
00:00
Google Analytics Tracking Id
There's a path traversal that you can do that allows you to hit any endpoint on the Uh, you know target domain. What that does is it takes the url and it leaks it to the attacker So I think this is going to be another attack director for you guys to be thinking about as you're as your bug hunting and and Um, you know anytime you can leak the ur the URL Definitely think about awath tokens or think about sensitive information getting placed there. Yeah, absolutelyUm, okay, cool. I think we'll cut the rest of that doc there and uh, let me talk about this report really quick And then we'll we'll peace out so um I just wanted
Transcript
Play full episode
