
This video explains a bug bounty report submitted on HackerOne to GitHub's private bug bounty program by 17-year-old Robert Chen and 14-year-old Phillip. The vulnerability was a CRLF injection combined with XSS and cache poisoning, which allowed reading private pages. The report was paid out $35,000.


Report:
https://robertchen.cc/blog/2021/04/03/github-pages-xss

Reporters' Twitter:
https://twitter.com/NotDeGhost
https://twitter.com/ginkoid

Follow me on Twitter:
https://twitter.com/gregxsunday

Timestamps:
00:00 Intro
00:24 What is BBRE newsletter?
01:10 GitHub Pages auth flow
02:33 XSS by CRLF
04:57 Bypassing Nonce and __Host cookie
08:44 Cache poisoning
09:49 Attacking from outside the org
