$16k Stealing secrets.yaml from GitLab using stored XSS - Hackerone bug bounty
Автор: Bug Bounty Reports Explained
Загружено: 2021-11-24
Просмотров: 7028
Описание:
Check out the free, 2-week trial of Detectify:
https://www.detectify.com/BBRE
✉️ Sign up for the mailing list ✉️
https://mailing.bugbountyexplained.com/
This video is an explanation of a bug bounty report submitted to GitLab bug bounty program via Hackerone by William Bowling. It was a 4 step XSS with CSP bypass that at the end was escalated to a critical, serve-side vulnerability that allowed reading arbitrary files from the server. The bug hunter was awarded $16,000 bug bounty for this report.
🖥 Get $100 in credits for Digital Ocean 🖥
https://m.do.co/c/cc700f81d215
Report:
https://hackerone.com/reports/1212067
Reporter's twitter:
/ wcbowling
Follow me on twitter:
/ gregxsunday
Timestamps:
00:00 Intro
00:32 Detectify - the sponsor of today's video
01:37 Escaping href attribute
03:02 How to bypass filename validation?
03:54 XSS without spaces and /
06:32 How to bypass CSP?
07:37 Escalating the XSS to arbitrary file read
Повторяем попытку...
Доступные форматы для скачивания:
Скачать видео
-
Информация по загрузке:
![149 - Zoom RCE, VMware Auth Bypass, and GitLab Stored XSS [Bug Bounty Podcast]](https://imager.clipsaver.ru/91rxtCsw470/max.jpg)
