This video took a lot of work to create but I hope it helped you in understanding the CL.0 variant of client-side desync. If it did, share it among friends to help both me and them ;)
Я зараз передивляюсь,нічого не зрозуміло,але дуже цікаво Що найменьш щось я не дуже розумію сам proof of consept і як же воно експлойтиться в дикій природі
Hey there, I found same bug but there is a problem that redirect url parameter is secured but it have same vulnerability like sending 2 or 3 responce in one request. I want to know how to craft this report so h1 give me nice bounty.
thanks for explanation appreciate it! i wonder how much time and knowledge he invested for such a intricate loop hole i highly praise james kettle you both r doin so much for community ty.
I think if you understand this example with a redirect, you will have no problem with exploiting other scenarios. So I don't plan on doing a video about CL.0 variant but with another endpoint but I may cover other variations of client-side desync bugs in the future and I will try to use a different entrypoint.