Episode 11: CV$$, Web Cache Deception, and SSTI

Episode 11: In this episode of Critical Thinking - Bug Bounty Podcast we talk about CVSS (the good, the bad, and the ugly), Web Cache Deception (an underrated vuln class) and a sick SSTI Joel and Fisher found.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterMDSec Outlook Vuln:https://twitter.com/MDSecLabs/status/1635791863478091778Jub0bs User-Existance Oracle Tweet:https://twitter.com/jub0bs/status/1633786349529513986James Kettle's Tweet About BB ID Header Standardization:https://twitter.com/albinowax/status/163595150679175577615K Snapchat Numeric IDOR:https://hackerone.com/reports/1819832Bug Bounty Reports Explained:https://www.bugbountyexplained.com/CVSS Calculator:https://nvd.nist.gov/vuln-metrics/cvss/v3-calculatorWeb Cache Deception Write-up:https://www.blackhat.com/docs/us-17/wednesday/us-17-Gil-Web-Cache-Deception-Attack.pdf