Share
Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
Fetch error
Hmmm there seems to be a problem fetching this series right now.
Last successful fetch was on October 30, 2025 14:43 (
What now? This series will be checked again in the next hour. If you believe it should be working, please verify the publisher's feed link below is valid and includes actual episode links. You can contact support to request the feed be immediately fetched.
Manage episode 491032492 series 3643227
Content provided by Amin Malekpour. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Amin Malekpour or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://staging.podcastplayer.com/legal.
One cookie set on a subdomain triggered XSS and stole session tokens. One fake image upload gave the attacker a reverse shell.
This episode breaks down two powerful exploits—a cookie-based XSS that bypassed frontend protections, and an RCE through Ghostscript triggered by a disguised PostScript file.
Learn how subtle misconfigurations turned everyday features into full account and server compromise.
Chapters:
00:00 - INTRO
01:08 - FINDING #1 - Cookie-Controlled XSS
12:19 - FINDING #2 - Image Upload to RCE via Ghostscript
19:03 - OUTRO
Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!
🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us → [email protected]
🔗 Podcast Website → Website Link
Chapters
1. INTRO (00:00:00)
2. FINDING #1 - Cookie-Controlled XSS (00:01:08)
3. FINDING #2 - Image Upload to RCE via Ghostscript (00:12:19)
4. OUTRO (00:19:03)
14 episodes
))
