[bounty] CSS Injection and a Google Cloud Project Takeover Bug
Starting off the week strong we have a CSS injection turned full-read SSRF, and a MyBB exploit chain from XSS to server-side code injection. And we've got a couple auth token disclosures to end off the episode.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/183.html
[00:00:00] Introduction
[00:00:22] Unleashing the power of CSS injection: The access key to an internal API
[00:06:50] MyBB
Create your
podcast in
minutes
It is Free