Critical Thinking - Bug Bounty Podcast

Episode 1: Introductions, Bug Bounty Reports, and BB Tips

Jan 9, 2023
ANECDOTE

GitLab RCE

  • A GitLab researcher earned a $33,000 bounty for discovering a remote code execution (RCE) vulnerability.
  • The vulnerability chained the GitHub import feature with injected Redis commands to achieve a full Redis takeover.
ADVICE

Bug Bounty Hunting Tips

  • Look for vulnerabilities in the initial payload handling, and study Redis injection techniques such as replica cloning.
  • Track sources and sinks meticulously during code review.
ANECDOTE

SSRF to RCE

  • Justin Gardner and his mentee found an SSRF in a grocery provider's system, leading to RCE on 56 instances.
  • They gained access through a hidden signup endpoint and exploited an IDOR vulnerability.