Community

Disk cache in the context of a nonce CSP bypass

Nonce CSP bypass using disk cache, ‘quiet side channel’ for request smuggling, Amazon Q and the malicious pull request – ethical hacker news roundup

Argentinian hunter Adrián Pedrazzoli – aka lemonoftroy – says “IDORs and broken access control bugs are my favourite bugs” in this interview with the YesWeHack Bug Bounty platform

‘It was a revelation’: lemonoftroy’s origin story and hacking methodology

Bug Bounty hacker 4mb4 says “my favourite bug was an IDOR at a $1 billion company” in this interview with YesWeHack

‘I have the patience to spend long hours hacking through the night’: g4mb4 on his Bug Bounty career so far

Ethical hacker leorac says “Bug Bounty is a rollercoaster of emotions” in this interview with YesWeHack

‘The most challenging part is the psychological one’ – leorac on the ups and downs of Bug Bounty hunting

Parsing logic workflow

Chunked-body parsing flaws, making self-XSS great again, using HTTP redirect loops to achieve non-blind SSRFs – ethical hacker news roundup

YesWeHack interview with ethical hacker gregxsunday aka Grzegorz Niedziela about Bug Bounty, in which he says “I’m paying a lot of attention to SSO or SAML flaws”

‘Feeling close to a critical vulnerability is incredibly addictive’ – YouTuber gregxsunday on the joys of Bug Bounty

L’Oréal Live Bug Bounty at LeHACK 2024

Flashback to the L’Oréal Live Bug Bounty: Watch last year’s highlights as anticipation builds for leHACK 2025

A double-clickjacking attack, exploit or vulnerability

Ultimate double-clickjacking exploit, novel HTTP/2 request tunnelling techniques, when encryption makes matters worse – ethical hacker news roundup

Signature spoofing OpenPGP

Critical signature-spoofing vulnerability in OpenPGP.js hits the headlines

GitHub screenshot

‘Airborne’ AirPlay attacks, netting $64k from deleted files, triaging AI slop – ethical hacker news roundup

Vulnerabilities affecting middleware

Middleware mayhem, Zoolander banter PoC, Malta to pardon hackers over ‘unfair’ charges – ethical hacker news roundup

YouTube email leak exploit, Great ‘Wallbleed’ of China, Burp’s overlooked ‘best feature’ – ethical hacker news roundup