Auth Bypass, XSS, RCE and more
Day[0] - A podcast by dayzerosec

Authentication bypasses, SQL injection, command injection, and more in this web-exploit heavy episode.
- [00:09:11] Facebook v. NSO Group
- [00:18:14] Netsweeper PreAuth RCE
- [00:25:49] SaltStack authorization bypass
- [00:42:02] E-Learning Platforms Getting Schooled
- [01:03:54] Roblox - Subdomain Takeover
- [01:08:09] Fix XSS issue in handling of CDATA in HTML messages · roundcube/roundcubemail@87e4cd0 · GitHub
- [01:10:13] Stealing the Trello token by abusing a cross-iframe XSS on the Butler Plugin
- [01:17:11] Gitlab - Arbitrary file read via the UploadsRewriter when moving an issue
- [01:20:15] Researching Polymorphic Images for XSS on Google Scholar
- [01:27:41] TP-LINK Cloud Cameras Multiple Vulnerabilities
- [01:34:46] Remote Code Execution on Microsoft SharePoint Using TypeConverters [CVE-2020-0932]
- [01:43:03] Firefox js::ReadableStreamCloseInternal Out-Of-Bounds Access
- [01:51:56] Siguza - iOS <13.5 sandbox escape/entitlement 0day
- [02:03:16] Honeysploit: Exploiting the Exploiters
- [02:15:13] Guy's 30 Reverse Engineering Tips & Tricks
- [02:16:45] Remote Code Execution on Nintendo 64 through Morita Shogi 64
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on YouTube (@DAY[0])