liveoverflow.bsky.social
wannabe hacker... he/him 🌱 grow your hacking skills https://hextree.io
19 posts 5,011 followers 5 following
Regular Contributor
comment in response to post
Ah cool thanks! I was wondering where this is from. I was just thinking of "Fancy Bear" en.wikipedia.org/wiki/Fancy_B...
comment in response to post
This was really a good conversation! 1. OP is capable of self-reflecting and being humble 2. Commenters are knowledgeable and they asked the right questions 3. And OP genuinely engaged with the responses Source: www.reddit.com/r/bugbounty/...
comment in response to post
This is the kind of issue where you need to change your perspective. If you are stuck with "we as the attacker want to directly access cached data", you will miss the obvious. Turns out, we can control the cache parameter, by forcing the victim to visit the link with our value!!
comment in response to post
OP clarifies it's not the browser cache. Server-side cache would still be exploitable, right? But no... OP explains that it's not exploitable, because an attacker cannot guess the random cache key parameter :(
comment in response to post
Those are the real bug bounty tricks nobody talks about :P Faking bugs!!! Jokes aside, that's not the end of the story! A fellow hunter asks some clarifying questions. Browser cache? Server side cache? Or maybe even a service worker?
comment in response to post
Check out his new talk from 38c3 "Fearsome File Formats": media.ccc.de/v/38c3-fears...
comment in response to post
My video "What is a File Format?" is also based on his work. www.youtube.com/watch?v=VVdm...
comment in response to post
Thank you @gf256.bsky.social and SuperFashi for taking time to make this 🥰 This video in particular reminds me of the classic live CTF recordings that helped me break through an educational wall, and motivated me to start LiveOverflow