
Episode 11: CV$$, Web Cache Deception, and SSTI

Critical Thinking - Bug Bounty Podcast


CVSS: The Highs and the Lows

CVSS is a semi proxy to allow you to determine like impact to some generic extent. But it should really be like, what does it mean within your company? If you work at Uber, what does it mean for someone's UUID to be leaked? Like, can they access that full user's object? Can they just log in as that user? And it doesn't matter if the mitigating factor is there if it doesn't actually do anything. I think there should be maybe two settings and then a modifier.
