Pwn2Own, Tianfu Cup, and Other Hacks
A Facebook DOM-based XSS, Rocket.chat and Github Actions RCEs, and a Brave Browser information disclosure in this week's episode. [00:00:50] Pwn2Own Tokyo (Live from Toronto) - Schedule and Results https://www.zerodayinitiative.com/blog/2020/7/28/announcing-pwn2own-tokyo-2020-live-from-toronto [00:12:00] Tianfu Cup - Results [00:16:28] Unlimited Chase Ultimate Rewards Points [00:26:09] Github: Widespread injection vulnerabilities in Actions [00:36:37] About the security content of iOS 14.2 and iPadOS 14.2 https://twitter.com/ShaneHuntley/status/1324431104187670529 [00:42:04] Rocket.Chat Desktop RCE [00:44:44] git-lfs RCE [00:46:46] Attack of the clones: Git clients remote code execution [00:48:17] YOURLS 1.5 - 1.7.10, Multiple Stored XSS Vulnerabilities in Admin Panel [00:53:23] Company forced to change name that could be used to hack websites [00:57:12] Facebook DOM Based XSS using postMessage [01:03:00] SQL Injection and Reflected XSS in Oracle Communications Diameter Signaling Router [01:06:00] Re-discovering a JWT Authentication Bypass in ServiceStack https://docs.servicestack.net/releases/v5.9#v592-patch-release-notes [01:10:45] How I found a Tor vulnerability in Brave Browser, reported it, watched it get patched, got a CVE (CVE-2020-8276) and a small bounty, all in one working day [01:18:12] Exploiting Microsoft Store Games [CVE-2020-16877] [01:26:21] Fuzzing for eBPF JIT bugs in the Linux kernel [01:41:18] Capture the Bot: Using Adversarial Examples to Improve CAPTCHA Robustness to Bot Attacks Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@DAY[0])