))
Ep. 7 – IDOR & SSTI: From File Theft to Server-Side Secrets
Manage episode 476358711 series 3643227
תוכן מסופק על ידי Amin Malekpour. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Amin Malekpour או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
A predictable ID exposed private documents. A crafted name leaked backend files.
In this episode, we break down two high-impact flaws—an IDOR that let attackers clone confidential attachments, and an SSTI hidden in an email template that revealed server-side files. Simple inputs, big consequences. Learn how they worked, why they were missed, and how to stop them.
Chapters:
00:00 - INTRO
01:28 - FINDING #1 – IDOR to Steal Confidential Files with Just an Attachment ID
09:05 - FINDING #2 – Server-Side Template Injection That Leaked Local Files
18:41 - OUTRO
Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!
🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us → podcast@quailu.com.au
🔗 Podcast Website → Website Link
פרקים
1. INTRO (00:00:00)
2. FINDING #1 – IDOR to Steal Confidential Files with Just an Attachment ID (00:01:28)
3. FINDING #2 – Server-Side Template Injection That Leaked Local Files (00:09:05)
4. OUTRO (00:18:41)
11 פרקים
שתפו
))
