Ep. 7 – IDOR & SSTI: From File Theft to Server-Side Secrets

A predictable ID exposed private documents. A crafted name leaked backend files. In this episode, we break down two high-impact flaws—an IDOR that let attackers clone confidential attachments, and an SSTI hidden in an email template that revealed server-side files. Simple inputs, big consequences. Learn how they worked, why they were missed, and how to stop them.

Chapters:
00:00 - INTRO
01:28 - FINDING #1 – IDOR to Steal Confidential Files with Just an Attachment ID
09:05 - FINDING #2 – Serv...
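The two bug classes in this episode side by side, as an added example that is not code from the podcast or from the applications it discusses. Part 1 is a clone-by-ID endpoint that trusts the client-supplied attachment ID (the IDOR pattern) next to a version that scopes the lookup to the caller. Part 2 is an email greeting built by splicing a user-supplied display name into the template source (the SSTI pattern) next to a version that keeps the template fixed and passes the name as data. The in-memory store, user names, secrets and template are constructed for the example, and Python's `string.Template` stands in for a real engine such as Jinja2, whose injection surface is far larger than a leaked context variable.

```python
"""Added example: IDOR on a clone endpoint and template-source injection.

All data below is constructed for illustration; nothing here is taken from
the podcast episode or the systems it describes.
"""
from dataclasses import dataclass
from string import Template


# --- Part 1: IDOR on a clone-by-ID endpoint --------------------------------

@dataclass
class Attachment:
    id: int
    owner: str
    filename: str
    body: bytes


class Forbidden(Exception):
    """Raised when the caller may not read the requested attachment."""


# Constructed sample store. Sequential IDs make a neighbour's ID trivial
# to guess, but the real defect is the missing authorization check, not
# the ID format: random IDs leak eventually (logs, referers, screenshots).
ATTACHMENTS = {
    1001: Attachment(1001, "alice", "q3-board-deck.pdf", b"CONFIDENTIAL"),
    1002: Attachment(1002, "bob", "lunch-menu.txt", b"soup"),
}
_next_id = [1003]


def _store_copy(caller: str, src: Attachment) -> Attachment:
    """Persist a copy of src under the caller's account and return it."""
    copy = Attachment(_next_id[0], caller, src.filename, src.body)
    _next_id[0] += 1
    ATTACHMENTS[copy.id] = copy
    return copy


def clone_vulnerable(caller: str, attachment_id: int) -> Attachment:
    """Copies whatever attachment the caller names into the caller's account.

    The only check is existence; who owns the source is never consulted,
    so any authenticated user can pull a confidential file into their
    own account just by naming its ID.
    """
    src = ATTACHMENTS[attachment_id]
    return _store_copy(caller, src)


def clone_fixed(caller: str, attachment_id: int) -> Attachment:
    """Same operation with the lookup scoped to what the caller may read.

    Unknown and foreign IDs produce the same error, so the endpoint does
    not become an oracle for enumerating which IDs exist.
    """
    src = ATTACHMENTS.get(attachment_id)
    if src is None or src.owner != caller:
        raise Forbidden("attachment not found")
    return _store_copy(caller, src)


# --- Part 2: user input in the template source vs. in the template data -----

# Constructed mail context. A real mailer's context may carry values that
# were never meant to appear in a message body.
MAIL_CONTEXT = {
    "reset_link": "https://example.invalid/reset/abc123",
    "smtp_password": "hunter2",  # constructed secret; must never reach the body
}


def render_greeting_vulnerable(display_name: str) -> str:
    """Splices the name into the template SOURCE before rendering.

    The engine then parses the name as template syntax, so a name such as
    "$smtp_password" is resolved against the context and leaks it.
    """
    source = f"Hello {display_name}, reset your password here: $reset_link"
    return Template(source).safe_substitute(MAIL_CONTEXT)


def render_greeting_fixed(display_name: str) -> str:
    """Keeps the template fixed and passes the name in as DATA.

    Substituted values are not re-scanned for placeholders, so the same
    hostile name is emitted verbatim instead of being evaluated.
    """
    source = "Hello $display_name, reset your password here: $reset_link"
    return Template(source).safe_substitute(MAIL_CONTEXT, display_name=display_name)


if __name__ == "__main__":
    # Mallory guesses Alice's attachment ID.
    print(clone_vulnerable("mallory", 1001).body)          # leaks b'CONFIDENTIAL'
    try:
        clone_fixed("mallory", 1001)
    except Forbidden as exc:
        print("fixed endpoint:", exc)
    # Mallory registers with a display name that is template syntax.
    print(render_greeting_vulnerable("$smtp_password"))    # leaks the secret
    print(render_greeting_fixed("$smtp_password"))         # name printed literally
```

The general rule both halves share: the object or template that a request operates on must be selected by the server from the caller's own authority (session, tenant, owner), and untrusted bytes must only ever enter as data, never as the thing that is looked up or parsed.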

Episodes (14)

Ep. 13 – nOAuth Account Misbinding & Assumed-Breach to Domain Admin (Season Finale)

One misbound identity. One exposed internal path. Two routes to total compromise. In this season finale of Hacked & Secured: Pentest Exploits & Mitigations, we break down two real-world findings that ...

29 Sep 2025, 15 min

Ep. 12 – Timing Attacks & Mobile OAuth Hijack: When Microseconds and Misflows Betray You

A few microseconds. One silent browser session. That’s all it took for attackers to break into systems without tripping a single alert. In this episode of Hacked & Secured: Pentest Exploits & Mitigati...

28 Aug 2025, 14 min

Ep. 11 – Account Takeover, Token Misuse, and Deserialization RCE: When Trust Goes Wrong

One flawed password reset. One shared session token. One dangerous object. In Episode 11 of Hacked & Secured: Pentest Exploits & Mitigations, we break down three real-world vulnerabilities where trust...

24 Jul 2025, 17 min

Ep. 10 – Cookie XSS & Image Upload RCE: One Cookie, One File, Full Control

One cookie set on a subdomain triggered XSS and stole session tokens. One fake image upload gave the attacker a reverse shell. This episode breaks down two powerful exploits—a cookie-based XSS that by...

26 Jun 2025, 20 min

Ep. 9 – Directory Traversal & LFI: From File Leaks to Full Server Crash

One markdown link copied server files. One poisoned log triggered remote code execution. One LFI crashed the entire server. In this episode, we unpack three real-world exploits—directory traversal an...

29 May 2025, 25 min

Ep. 8 – OTP Flaw & Remote Code Execution: When Small Flaws Go Critical

A broken logout flow let attackers hijack accounts using just a user ID. A self-XSS and an IDOR exposed stored data. And a forgotten internal tool—running outdated software—ended in full Remote Code ...

24 Apr 2025, 15 min

Ep. 6 – 403 Bypass & Request Smuggling: Tiny Tricks, Total Takeover

A single uppercase letter unlocked an admin panel. One malformed request hijacked user sessions. In this episode, we break down two real-world exploits—a 403 bypass and a request smuggling attack—tha...

27 Mar 2025, 17 min