
Episode 6: Mobile Hacking Attack Vectors with Teknogeek (Joel Margolis)
Critical Thinking - Bug Bounty Podcast
ZXing's QR Code Dumping Attack
ZXing has a website and that's pretty good. But yeah, you just any QR scanner and just like dump out the QR data from it. Yeah, so then what I notice is that it was a URL. It was like, it said WS colon slash slash, a host, like an IP address, and then a port, and then this long string. So right away, I came up with sort of this attack scenario: What if I'm a malicious attacker? I ARP spoof, I take over the IP address, I kick this other person off, and then I can just like put stuff into the cart. And they closed my report as NA. There's still