Auth Bypass, XSS, RCE and more

Authentication bypasses, SQL injection, command injection, and more in this web-exploit heavy episode.

• [00:09:11] Facebook v. NSO Group
  
• [00:18:14] Netsweeper PreAuth RCE
  
• [00:25:49] SaltStack authorization bypass
  
  • https://github.com/saltstack/salt/blob/0b2a5613b345f17339cb90e60b407199b3d26980/salt/master.py#L1139
  
  
• [00:42:02] E-Learning Platforms Getting Schooled
  
  • https://github.com/LearnPress/learnpress/commit/d6f818b5f65b007acbdf62236d4aa549fb33d24a?diff=split
  
  
• [01:03:54] Roblox - Subdomain Takeover
  
• [01:08:09] Fix XSS issue in handling of CDATA in HTML messages · roundcube/roundcubemail@87e4cd0 · GitHub
  
• [01:10:13] Stealing the Trello token by abusing a cross-iframe XSS on the Butler Plugin
  
• [01:17:11] Gitlab - Arbitrary file read via the UploadsRewriter when moving and issue
  
• [01:20:15] Researching Polymorphic Images for XSS on Google Scholar
  
• [01:27:41] TP-LINK Cloud Cameras Multiple Vulnerabilities
  
  • https://seclists.org/fulldisclosure/2020/May/3
  
  
  • https://seclists.org/fulldisclosure/2020/May/4
  
  
• [01:34:46] Remote Code Execution on Microsoft SharePoint Using TypeConverters [CVE-2020-0932]
  
• [01:43:03] Firefox js::ReadableStreamCloseInternal Out-Of-Bounds Access
  
• [01:51:56] Siguza - iOS <13.5 sandbox escape/entitlement 0day
  
• [02:03:16] Honeysploit: Exploiting the Exploiters
  
• [02:15:13] Guy's 30 Reverse Engineering Tips & Tricks
  
• [02:16:45] Remote Code Execution on Nintendo 64 through Morita Shogi 64
  

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])