$6,5k + $5k HTTP Request Smuggling mass account takeover - Slack + Zomato

HTTP request smuggling is a technique used to find vulnerabilities in bug bounty programs and penetration tests, rediscovered by PortSwigger in 2019. In the video I present and explain two reports from HackerOne that show how a bug hunter hacked Slack and Zomato, earning $6,500 and $5,000 respectively.

Original reports:
Reporter:
Smuggler tool:
RFC: #section-4.4

Timestamps:
00:00 Intro
00:26 HTTP Request Smuggling
03:25 Slack's report
06:30 Zomato's report