Client-side desync vulnerabilities - a breakthrough in request smuggling techniques

Рет қаралды 16,790

Күн бұрын

Пікірлер: 27

@BugBountyReportsExplained 2 жыл бұрын

This video took a lot of work to create but I hope it helped you in understanding the CL.0 variant of client-side desync. If it did, share it among friends to help both me and them ;)

@heyserge Жыл бұрын

Amazing explanation, I can tell you did a lot of work with the request response highlighting- it’s appreciated.

@BugBountyReportsExplained Жыл бұрын

Thanks for appreciating that. I did put in extra time for this video because I know that CSD is confusing and the proper highlighting can really help.

@lilnix 2 жыл бұрын

It's not an easy vulnerability but you explained it really great🔥

@josephvelasquez2677 2 жыл бұрын

Loving the email newsletter and this channel! Thanks!

@user-zb3lp6hz1z 2 жыл бұрын

6:02 і тут я зрозумів шо перестав розуміти Але ти дуже круто все розбираєш! Дякую !

@EduardPodvoiskyi Жыл бұрын

Я зараз передивляюсь,нічого не зрозуміло,але дуже цікаво Що найменьш щось я не дуже розумію сам proof of consept і як же воно експлойтиться в дикій природі

@dennismunyaka6537 Жыл бұрын

wow just saw your entire video well explained. will need to rewatch it a few times as it seems complex

@e.donker7787 2 жыл бұрын

Thanks! Love your content.

@BugBountyReportsExplained 2 жыл бұрын

Thank you! I appreciate that☺

@bdsgameing9789 Жыл бұрын

Great explained

@InfoSecIntel 2 жыл бұрын

You're a legend

@neiltsakatsa 2 жыл бұрын

Greetings!

@monKeman495 Жыл бұрын

thanks for explanation appreciate it! i wonder how much time and knowledge he invested for such a intricate loop hole i highly praise james kettle you both r doin so much for community ty.

@BugBountyReportsExplained Жыл бұрын

Thank you! Imagine that it's only a part of his whole research

@jub0bs 2 жыл бұрын

Great explanation! Very helpful.

@allgasfullsend4724 Жыл бұрын

Damn, that was one good video!

@_bergee_ Жыл бұрын

Mind blown 🤯

@StellarExplorationsTV6 10 ай бұрын

Hey there, I found same bug but there is a problem that redirect url parameter is secured but it have same vulnerability like sending 2 or 3 responce in one request. I want to know how to craft this report so h1 give me nice bounty.

@StellarExplorationsTV6 9 ай бұрын

hey bro i really need your help

@user-hu3im1ny2o Жыл бұрын

thx a lot!

@smartcontract647 Жыл бұрын

Great video, Will you please create a video with other different endpoints? like static and error.

@BugBountyReportsExplained Жыл бұрын

I think if you understand this example with a redirect, you will have no problem with exploiting other scenarios. So I don't plan on doing a video about CL.0 variant but with another endpoint but I may cover other variations of client-side desync bugs in the future and I will try to use a different entrypoint.