Client-side desync vulnerabilities - a breakthrough in request smuggling techniques 

Bug Bounty Reports Explained
Subscribers: 56K
Views: 17K

Published: 9 Sep 2024

Comments: 27
@BugBountyReportsExplained 2 years ago
This video took a lot of work to create but I hope it helped you in understanding the CL.0 variant of client-side desync. If it did, share it among friends to help both me and them ;)
@heyserge 2 years ago
Amazing explanation, I can tell you did a lot of work with the request response highlighting- it’s appreciated.
@BugBountyReportsExplained 2 years ago
Thanks for appreciating that. I did put in extra time for this video because I know that CSD is confusing and the proper highlighting can really help.
@lilnix 2 years ago
It's not an easy vulnerability but you explained it really great🔥
@josephvelasquez2677 2 years ago
Loving the email newsletter and this channel! Thanks!
@dennismunyaka6537 2 years ago
Wow, just saw your entire video, well explained. Will need to rewatch it a few times as it seems complex.
@e.donker7787 2 years ago
Thanks! Love your content.
@BugBountyReportsExplained 2 years ago
Thank you! I appreciate that☺
@user-zb3lp6hz1z 2 years ago
6:02 and here I realized that I had stopped understanding. But you break everything down really well! Thank you!
@EduardPodvoiskyi 1 year ago
I'm rewatching it now; nothing is clear, but it's very interesting. At the very least, I don't really understand the proof of concept itself and how it actually gets exploited in the wild.
@bdsgameing9789 2 years ago
Great explained
@InfoSecIntel 2 years ago
You're a legend
@jub0bs 2 years ago
Great explanation! Very helpful.
@neiltsakatsa 2 years ago
Greetings!
@StellarExplorationsTV6 10 months ago
Hey there, I found the same bug but there is a problem that the redirect URL parameter is secured but it has the same vulnerability, like sending 2 or 3 responses in one request. I want to know how to craft this report so H1 gives me a nice bounty.
@StellarExplorationsTV6 10 months ago
Hey bro, I really need your help
@allgasfullsend4724 1 year ago
Damn, that was one good video!
@_bergee_ 2 years ago
Mind blown 🤯
@monKeman495 2 years ago
Thanks for the explanation, appreciate it! I wonder how much time and knowledge he invested for such an intricate loophole. I highly praise James Kettle. You both are doing so much for the community, ty.
@BugBountyReportsExplained 2 years ago
Thank you! Imagine that it's only a part of his whole research
@smartcontract647 2 years ago
Great video. Will you please create a video with other different endpoints, like static and error?
@BugBountyReportsExplained 2 years ago
I think if you understand this example with a redirect, you will have no problem with exploiting other scenarios. So I don't plan on doing a video about CL.0 variant but with another endpoint but I may cover other variations of client-side desync bugs in the future and I will try to use a different entrypoint.
@user-hu3im1ny2o 1 year ago
thx a lot!
@rohitjadhav5203 1 year ago
Can you please explain how this vulnerability can be patched?
@gpjager4090 1 year ago
Very well explained 👏👏👏 Thanks for the very well created video. Appreciate your efforts. Is it possible to share the video editor used?
@BugBountyReportsExplained 1 year ago
Thank you, I use After Effects for the main part of the video and then Premiere Pro for the intro+outro
@saurabhbhardwaj3427 2 years ago
Amazing content