In this episode of Critical Thinking - Bug Bounty Podcast, we talk about CVSS (the good, the bad, and the ugly), Web Cache Deception (an underrated vuln class), and a sick SSTI Joel and Fisher (https://twitter.com/Regala_) found.

Follow us on Twitter at: https://twitter.com/ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

https://twitter.com/realytcracker

====== Links ======

Follow your hosts Rhynorater & Teknogeek on Twitter:

https://twitter.com/0xteknogeek
https://twitter.com/rhynorater

MDSec Outlook Vuln: https://twitter.com/MDSecLabs/status/1635791863478091778

Jub0bs User-Existence Oracle Tweet: https://twitter.com/jub0bs/status/1633786349529513986

James Kettle's Tweet About BB ID Header Standardization: https://twitter.com/albinowax/status/1635951506791755776

15K Snapchat Numeric IDOR: https://hackerone.com/reports/1819832

Bug Bounty Reports Explained: https://www.bugbountyexplained.com/

CVSS Calculator: https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator

Web Cache Deception Write-up:

https://www.blackhat.com/docs/us-17/wednesday/us-17-Gil-Web-Cache-Deception-Attack.pdf