✉️ Sign up for the mailing list ✉️
This video is an explanation of a bug bounty report submitted to GitLab bug bounty program via Hackerone by William Bowling. It was a 4 step XSS with CSP bypass that at the end was escalated to a critical, serve-side vulnerability that allowed reading arbitrary files from the server. The bug hunter was awarded $16,000 bug bounty for this report.
🖥 Get $100 in credits for Digital Ocean 🖥
Follow me on twitter:
00:32 Detectify – the sponsor of today’s video
01:37 Escaping href attribute
03:02 How to bypass filename validation?
03:54 XSS without spaces and /
06:32 How to bypass CSP?
07:37 Escalating the XSS to arbitrary file read