093 - A Slack Attack and a MySQL Scientific Notation Bug Bug Bounty podcast

Links and vulnerability summaries for this episode are available at: Just four bugs this week but that all are somewhat interesting from an Instagram 2FA removal deanonymizing Slack users a MySQL bug and how to get cheap reddit coins. 00:00:00 Introduction 00:00:31 How I was able to revoke your Instagram 2FA 00:10:02 Abusing Slacks file-sharing functionality to de-anonymise fellow workspace members 00:29:41 A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection 00:35:38 Reddit disclosed on HackerOne: IDOR to pay less for coin purchases... The DAY0 Podcast episodes are streamed live on Twitch twice a week: - Mondays at 3:00pm Eastern Boston we focus on web and more bug bounty style vulnerabilities - Tuesdays at 7:00pm Eastern Boston we focus on lower-level vulnerabilities and exploits. The audio-only version of the podcast is available on: -- Apple Podcasts: -- Spotify: -- Google Podcasts: -- Other audio platforms can be found at You can also join our discord: Or follow us on Twitter dayzerosec to know when new releases are coming. BugBounty Podcast

Источник: rutube.ru