[bounty] Akamai Cache Poisoning and a Chrome Universal XSS

2022/10/4
Day[0]

Had some varied issues this week: a file format allowing JScript for a $20,000 bounty, Akamai cache poisoning, and a universal XSS in Chrome.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/155.html

[00:00:00] Introduction

[00:00:26] Two Lines of JScript for $20,000

[00:05:31] Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned)

[00:14:10] [Chrome] Universal XSS in Autofill Assistant

[00:22:51] Aurora Improper Input Sanitization Bugfix Review

[00:31:21] What I learnt from reading 126* Information Disclosure Writeups.