Authentication Bypass Using Root Array

Pubblicato il: 31 maggio 2023
sul canale di: LiveOverflow
132,252
7.1k

Lots of #bugbountytips get posted on twitter, but some of them are ... weird. Let's explore the technical details of one tweet to understand where this tip came from, why this tip was wrong, and eventually learn about the real underlaying vulnerability. This is a surprising turn of events!

advertisement:
Get my handwritten font https://shop.liveoverflow.com
Checkout our courses on https://hextree.io

Authentication Bypass Due to Empty Where Clause and SQL Injection in CodeIgniter https://liveoverflow.com/authenticati...

Thank you Eslam for sharing the details with us!
Follow Eslam on Twitter:   / eslam3kll  

The #bugbountytips tweet:   / 1526795822687346688  
Eslam's old post: https://infosecwriteups.com/authentic...
Eslam's new blog: https://eslam3kl.gitbook.io/blog/bug-....
Day[0] Podcast: https://dayzerosec.com/vulns/2022/03/...

Chapters:
00:00 - Intro
00:41 - The bugbountytips Tweet
01:21 - The Original Blog
02:43 - Talking to Eslam about the Happy Accident
04:36 - Digging Deeper
05:39 - Researching Login Code with Codeigniter
06:54 - Example Vulnerable Login Code
08:08 - Improving the Writeup
09:18 - Surprise SQL Injection!
11:37 - Conclusion
12:31 - hextree

=[ ❤️ Support ]=

→ per Video:   / liveoverflow  
→ per Month:    / @liveoverflow  

2nd Channel:    / liveunderflow  

=[ 🐕 Social ]=

→ Twitter:   / liveoverflow  
→ Streaming: https://twitch.tvLiveOverflow/
→ TikTok:   / liveoverflow_  
→ Instagram:   / liveoverflow  
→ Blog: https://liveoverflow.com/
→ Subreddit:   / liveoverflow  
→ Facebook:   / liveoverflow  


In questa pagina del sito puoi guardare il video online Authentication Bypass Using Root Array della durata di 13 minuti 24 seconda in buona qualità , che l'utente ha caricato LiveOverflow 31 maggio 2023, condividi il link con amici e conoscenti, su youtube questo video è già stato visto 132,252 volte e gli è piaciuto 7.1 mille spettatori. Buona visione!