
Episode 9: Headless Browser SSRF & RebindMultiA Tool Release + Web3 Bug
Critical Thinking - Bug Bounty Podcast
00:00
How to Reset an RPC Server With Just One Call Unauthenticated
This was just a very cool DoS that I had found on the RPC server that ran this wallet. So essentially you could send a JSON call to this server, and there was a method in there to reset the server, and it was intended to be for development use, but they had it turned on for production. So yeah, yeah, I totally just reset the node. It was funny because I didn't really understand the impact way back then, but it's funny because I was reading through it again and the triager from their side commented, it was like, I haven't verified this but it looks valid, the node is effectively Oh no, that's so bad.