![cover of episode [bounty] Web Hackers vs. Cars and a Facebook Account Takeover](https://d3t3ozftmdmh3i.cloudfront.net/production/podcast_uploaded_nologo/1589585/1589585-1553556841291-2e3a293ad9c2e.jpg)
Shownotes Transcript
First episode of the new year, and we've got some cool stuff. Several authentication issues and "class pollution" in Python.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/177.html
[00:00:00] Introduction
[00:00:31] ReDoS "vulnerabilities" and misaligned incentives
[00:17:14] Web Hackers vs. The Auto Industry
[00:37:19] Prototype Pollution in Python
- Correction: We discuss a bit of a disagreement regarding calling the issue "Prototype Pollution" in Python, turns out we missed the fact the author calls it "Class Pollution" in the actual article which is a more fitting name.
[00:50:26] [MK8DX] Improper verification of Competition creation allows to create "Official" competitions
[00:56:36] 0 click Facebook Account Takeover and Two-Factor Authentication Bypass
[01:01:18] How SAML works and some attacks on it
The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.
We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9