@albinowax you're the most awesome hacker. And your talks are always top notch.

The best video on this topic so far

26:14 the callback parameter was cache key and both ROR & CDN caches are splitting the parameters with & and ; . So why didn't the CDN notice that the callback parameter is different from the UTM_content parameter. So the CDN cache key for callback didn't even notice that the same cache key parameter is repeating second time? Why it wasn't, like callback(keyed)&(unkeyed); callback(keyed).

thanks james allways mind blowing !!!!!!

Good stuff but what about Cloudfront?

Thank you so much, sir!

What the hell? Cloudflare of all services doesn't think the unkeyed port param cache poisoning is an issue? What drugs are they taking, leaving in a vulnerability like that? I'm honestly baffled. Anyway thanks for the research man, this is some truly top quality stuff

Very helpful, like always) thank you so much

Thank you for what you do

Awesome! thanks James! A gif is needed to be made from 42:40 :D

Awesome Research

thanks you so much to share your great knowledge with us thanks you sir

Amazing !!!

Dope %amazing masterpiece

True Legend !

Thank you. Always as a crack.

That's good. Thank you

love you sir

"for my next trick"

First Comment, love James Research

good job :)

To let's go kick the cache with method of albinowax

යො බොසා

100th like