Ep. 8 – OTP Flaw & Remote Code Execution: When Small Flaws Go Critical
Failed to add items
Add to basket failed.
Add to wishlist failed.
Remove from wishlist failed.
Adding to library failed
Follow podcast failed
Unfollow podcast failed
-
Narrated by:
-
By:
A broken logout flow let attackers hijack accounts using just a user ID.
A self-XSS and an IDOR exposed stored data. And a forgotten internal tool—running outdated software—ended in full Remote Code Execution.
This episode is all about how small bugs, missed checks, and overlooked services can lead to serious consequences.
Chapters:
00:00 - INTRO
01:22 - FINDING #1 - The Logout That Logged You In
07:12 - FINDING #2 - From Signature Field to Shell Access
14:40 - OUTRO
Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!
🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us → podcast@quailu.com.au
🔗 Podcast Website → Website Link