Pwn2Own, Tianfu Cup, and Other Hacks
01:51:39 Share

A Facebook DOM-based XSS, Rocket.chat and Github Actions RCEs, and a Brave Browser information disclosure in this week's episode.

• [00:00:50] Pwn2Own Tokyo (Live from Toronto) - Schedule and Results)

• https://www.zerodayinitiative.com/blog/2020/7/28/announcing-pwn2own-tokyo-2020-live-from-toronto)

• [00:12:00] Tianfu Cup - Results)

• [00:16:28] Unlimited Chase Ultimate Rewards Points)

• [00:26:09] Github: Widespread injection vulnerabilities in Actions)

• [00:36:37] About the security content of iOS 14.2 and iPadOS 14.2)

• https://twitter.com/ShaneHuntley/status/1324431104187670529)

• [00:42:04] Rocket.Chat Desktop RCE)

• [00:44:44] git-lfs RCE)

• [00:46:46] Attack of the clones: Git clients remote code execution)

• [00:48:17] YOURLS 1.5 - 1.7.10, Multiple Stored XSS Vulnerabilities in Admin Panel)

• [00:53:23] Company forced to change name that could be used to hack websites)

• [00:57:12] Facebook DOM Based XSS using postMessage)

• [01:03:00] SQL Injection and Reflected XSS in Oracle Communications Diameter Signaling Router)

• [01:06:00] Re-discovering a JWT Authentication Bypass in ServiceStack)

• https://docs.servicestack.net/releases/v5.9#v592-patch-release-notes)

• [01:10:45] How I found a Tor vulnerability in Brave Browser, reported it, watched it get patched, got a CVE (CVE-2020-8276) and a small bounty, all in one working day)

• [01:18:12] Exploiting Microsoft Store Games [CVE-2020-16877])

• [01:26:21] Fuzzing for eBPF JIT bugs in the Linux kernel)

• [01:41:18] Capture the Bot: Using Adversarial Examples to Improve CAPTCHA Robustness to Bot Attacks)

Watch the DAY[0] podcast live on Twitch (@dayzerosec)) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0]))