Client-side desync vulnerabilities - a breakthrough in request smuggling techniques

Views: 17,457

Bug Bounty Reports Explained

A day ago

Comments: 27
@BugBountyReportsExplained · 2 years ago
This video took a lot of work to create, but I hope it helped you in understanding the CL.0 variant of client-side desync. If it did, share it among friends to help both me and them ;)
@heyserge · 2 years ago
Amazing explanation, I can tell you did a lot of work with the request/response highlighting - it's appreciated.
@BugBountyReportsExplained · 2 years ago
Thanks for appreciating that. I did put in extra time for this video because I know that CSD is confusing and the proper highlighting can really help.
@e.donker7787 · 2 years ago
Thanks! Love your content.
@BugBountyReportsExplained · 2 years ago
Thank you! I appreciate that ☺
@lilnix · 2 years ago
It's not an easy vulnerability, but you explained it really well 🔥
@josephvelasquez2677 · 2 years ago
Loving the email newsletter and this channel! Thanks!
@НиколайНиколай-к2ю · 2 years ago
6:02 and this is where I realized I had stopped understanding. But you break everything down really well! Thank you!
@EduardPodvoiskyi · A year ago
I'm rewatching it now; I don't understand anything, but it's very interesting. At the very least, I don't really understand the proof of concept itself and how it gets exploited in the wild.
@dennismunyaka6537 · 2 years ago
Wow, just saw your entire video, well explained. Will need to rewatch it a few times as it seems complex.
@bdsgameing9789 · 2 years ago
Great explanation
@StellarExplorationsTV6 · A year ago
Hey there, I found the same bug, but there is a problem: the redirect URL parameter is secured, but it has the same vulnerability, like sending 2 or 3 responses in one request. I want to know how to craft this report so h1 gives me a nice bounty.
@StellarExplorationsTV6 · A year ago
Hey bro, I really need your help.
@jub0bs · 2 years ago
Great explanation! Very helpful.
@monKeman495 · 2 years ago
Thanks for the explanation, appreciate it! I wonder how much time and knowledge he invested for such an intricate loophole. I highly praise James Kettle; you both are doing so much for the community, ty.
@BugBountyReportsExplained · 2 years ago
Thank you! Imagine that it's only a part of his whole research.
@allgasfullsend4724 · 2 years ago
Damn, that was one good video!
@InfoSecIntel · 2 years ago
You're a legend
@_bergee_ · 2 years ago
Mind blown 🤯
@neiltsakatsa · 2 years ago
Greetings!
@徐诚信-p2w · 2 years ago
Thx a lot!
@rohitjadhav5203 · 2 years ago
Can you please explain how this vulnerability can be patched?
@smartcontract647 · 2 years ago
Great video. Will you please create a video with other different endpoints, like static and error?
@BugBountyReportsExplained · 2 years ago
I think if you understand this example with a redirect, you will have no problem with exploiting other scenarios. So I don't plan on doing a video about the CL.0 variant with another endpoint, but I may cover other variations of client-side desync bugs in the future, and I will try to use a different entry point.
@saurabhbhardwaj3427 · 2 years ago
Amazing content
@gpjager4090 · 2 years ago
Very well explained 👏👏👏 Thanks for the very well created video. Appreciate your efforts. Is it possible to share the video editor used?
@BugBountyReportsExplained · 2 years ago
Thank you, I use After Effects for the main part of the video and then Premiere Pro for the intro and outro.