This video is an explanation of bug bounty report submitted to Airbnb program. The vulnerability was XSS that required 4 different bypasses:
– XSS filter bypass,
– WAF bypass,
– CSP bypass,
– Chrome auditor bypass.
In total, the same bug was replicated on 3 endpoints, achieving 8 cross-site scripting vulnerabilities in total, including stored xss.


original blogpost:
https://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/

Brett Bauerhaus:
https://twitter.com/bbuerhaus
https://buer.haus/
https://hackerone.com/ziot

Ben Sadeghipour:
https://www.youtube.com/NahamSec
https://twitter.com/NahamSec
https://nahamsec.com/
https://hackerone.com/nahamsec?type=user

Timestamps:
00:00 Intro
00:33 JSON in HTML
01:22 XSS filter
02:42 WAF
05:09 Content-Security-Policy
07:26 WAF & chrome auditor

#xss #airbnb #hackerone #waf

Add comment

Your email address will not be published. Required fields are marked *