[bounty] Bad Ordering, Free OpenAI Credits, and Goodbye Passwords?

2023/5/9
Day[0]

We open up this week's bug bounty podcast with a discussion about Google's recent support for passkeys, tackling some misunderstandings about what they are and how open the platform is, along with some talk towards the end about potential vulnerabilities to look out for. Then we dive into the vulnerabilities for the week, involving bypassing phone validation in OpenAI, a bad origin check enabling abuse of a permissive CORS policy, and an order-of-operations issue breaking the purpose of sanitization in Oracle's Opera.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/209.html

[00:00:00] Introduction

[00:02:43] So long passwords, thanks for all the phish

[00:23:49] OpenAI Allowed “Unlimited” Credit on New Accounts

[00:28:53] A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF...

[00:44:28] Exploiting an Order of Operations Bug to Achieve RCE in Oracle Opera

[00:52:16] Testing Zero Touch Production Platforms and Safe Proxies

The DAY[0] Podcast episodes are streamed live on Twitch twice a week:

-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities

-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

We are also available on the usual podcast platforms:

-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063

-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt

-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz

-- Other audio platforms can be found at https://anchor.fm/dayzerosec

You can also join our discord: https://discord.gg/daTxTK9