cover of episode [bounty] GhostCMS, ClamAV, and the Top Web Hacking Techniques of 2023

[bounty] GhostCMS, ClamAV, and the Top Web Hacking Techniques of 2023

2024/2/20
logo of podcast Day[0]

Day[0]

Frequently requested episodes will be transcribed first

Shownotes Transcript

In this bounty episode, some straightforward bugs were disclosed in GhostCMS and ClamAV, and Portswigger publishes their top 10 list of web hacking techniques from 2023.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/243.html

[00:00:00] Introduction

[00:02:15] Ghost CMS Stored XSS Leading to Owner Takeover [CVE-2024-23724]

[00:16:07] ClamAV Not So Calm [CVE-2024-20328]

[00:21:00] Top 10 web hacking techniques of 2023

[00:44:46] Hacking a Smart Home Device

[00:48:15] Cloud cryptography demystified: Amazon Web Services

The DAY[0] Podcast episodes are streamed live on Twitch twice a week:

-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities

-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

We are also available on the usual podcast platforms:

-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063

-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt

-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz

-- Other audio platforms can be found at https://anchor.fm/dayzerosec

You can also join our discord: https://discord.gg/daTxTK9