
Episode 27: Top 7 Esoteric Web Vulnerabilities
Critical Thinking - Bug Bounty Podcast
00:00
The Importance of Path Traversal in APIs
One of the things that's kind of closely related to this that I really like as a class of bug is path traversal through ID. And oftentimes you can put UUID slash dot dot slash some other arbitrary path, some arbitrary internal path or something, and it just gets fully concatenated into an internal request. It's in the line of SSRF, kind of SSRF slash path traversal. But it's a really, really interesting technique. You see it exploited all over the place. Those are some crazy, crazy bugs.
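The concatenation pattern the clip describes, next to a hardened version, as an added example that is not from the podcast. The internal host, the route prefix and the function names are hypothetical, and the sample ID is constructed.

```python
import posixpath
import uuid
from urllib.parse import unquote, urlsplit

# Hypothetical internal service and route, assumed for this example.
INTERNAL_BASE = "http://orders.internal.example"
ROUTE_PREFIX = "/v1/orders/"
# Constructed sample ID, not taken from any real system.
CONSTRUCTED_ID = "3f2b8c1e-9d4a-4c6b-8e2f-1a7b5c9d0e3f"


def naive_internal_url(order_id: str) -> str:
    """The weak pattern: the ID is concatenated into the internal path as-is."""
    return f"{INTERNAL_BASE}{ROUTE_PREFIX}{order_id}"


def effective_path(url: str) -> str:
    """Path a server or proxy acts on after decoding and dot-segment removal."""
    return posixpath.normpath(unquote(urlsplit(url).path))


def safe_internal_url(order_id: str) -> str:
    """Accept only a canonical UUID, then confirm the path stays on the route."""
    try:
        parsed = uuid.UUID(order_id)
    except (ValueError, AttributeError, TypeError):
        raise ValueError("order id is not a UUID") from None
    # uuid.UUID() tolerates braces, 'urn:uuid:' and missing hyphens, so
    # require the canonical text form and rebuild the path from the parsed value.
    if str(parsed) != order_id.lower():
        raise ValueError("order id is not in canonical UUID form")
    url = f"{INTERNAL_BASE}{ROUTE_PREFIX}{parsed}"
    # Defence in depth: the resolved path must be exactly the intended resource.
    if effective_path(url) != f"{ROUTE_PREFIX}{parsed}":
        raise ValueError("resolved path escapes the route prefix")
    return url


if __name__ == "__main__":
    for candidate in (CONSTRUCTED_ID, CONSTRUCTED_ID + "/../../internal/config"):
        print("naive resolves to:", effective_path(naive_internal_url(candidate)))
        try:
            print("safe builds:", safe_internal_url(candidate))
        except ValueError as err:
            print("safe rejects:", err)
```

Logging the rejected IDs on the API tier gives detection coverage for probing of this pattern even when the validation holds.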