Client-side desync vulnerabilities - a breakthrough in request smuggling techniques
Science and technology
Check out Intigriti - the sponsor of today's video: www.intigriti.com/
📧 Subscribe to BBRE Premium: bbre.dev/premium
Subscribe to @intigriti on KZread: @intigriti
✉️ Sign up for the mailing list: bbre.dev/nl
📣 Follow me on twitter: bbre.dev/tw
This video is about a new hacking technique discovered by James Kettle, one of the best, if not the best, web security researchers in the world. The vulnerability is called client-side desync (or browser-powered desync) and is a subclass of request smuggling vulnerabilities. The video shows the CL.0 variant and how many websites built on Akamai could be hacked with it.
🖥 Get $100 in credits for Digital Ocean: bbre.dev/do
The article: portswigger.net/research/brow...
James' Twitter: / albinowax
Timestamps:
00:00 Intro
00:36 Intigriti - the sponsor of today's video
01:08 Desynchronising the browser and a vulnerable server
06:03 Confusing the browser by returning a different response
09:44 XSS using HEAD tunnelling
Comments: 27
This video took a lot of work to create but I hope it helped you in understanding the CL.0 variant of client-side desync. If it did, share it among friends to help both me and them ;)
It's not an easy vulnerability, but you explained it really well 🔥
Amazing explanation. I can tell you did a lot of work with the request/response highlighting; it's appreciated.
@BugBountyReportsExplained
A year ago
Thanks for appreciating that. I did put in extra time for this video because I know that CSD is confusing and the proper highlighting can really help.
Loving the email newsletter and this channel! Thanks!
Great explanation! Very helpful.
Wow, just saw your entire video. Well explained. Will need to rewatch it a few times as it seems complex.
Well explained
6:02 and here I realised that I had stopped understanding. But you break everything down really well! Thank you!
@EduardPodvoiskyi
A year ago
I'm rewatching it now, I don't understand anything, but it's very interesting. At the very least, I don't really understand the proof of concept itself and how it gets exploited in the wild.
You're a legend
Damn, that was one good video!
Thanks! Love your content.
@BugBountyReportsExplained
A year ago
Thank you! I appreciate that☺
Mind blown 🤯
thx a lot!
Amazing content
Greetings!
Thanks for the explanation, appreciate it! I wonder how much time and knowledge he invested for such an intricate loophole. I highly praise James Kettle; you both are doing so much for the community, ty.
@BugBountyReportsExplained
A year ago
Thank you! Imagine that it's only a part of his whole research
Great video! Will you please create a video with other different endpoints, like static and error?
@BugBountyReportsExplained
A year ago
I think if you understand this example with a redirect, you will have no problem with exploiting other scenarios. So I don't plan on doing a video about the CL.0 variant with another endpoint, but I may cover other variations of client-side desync bugs in the future, and I will try to use a different entrypoint.
Hey there, I found the same bug, but there is a problem: the redirect URL parameter is secured, but it has the same vulnerability, like sending 2 or 3 responses in one request. I want to know how to craft this report so H1 gives me a nice bounty.
@StellarExplorationsTV6
8 months ago
Hey bro, I really need your help.
Very well explained 👏👏👏 Thanks for the very well created video. Appreciate your efforts. Is it possible to share the video editor used?
@BugBountyReportsExplained
A year ago
Thank you, I use After Effects for the main part of the video and then Premiere Pro for the intro+outro
Can you please explain how this vulnerability can be patched?