Share
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Manage episode 471294002 series 3643227
Content provided by Amin Malekpour. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Amin Malekpour or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://staging.podcastplayer.com/legal.
A simple filename triggered stored XSS, hijacking accounts and stealing API keys. A SQL injection bypassed a web firewall, dumping an entire database in one request.
Both attacks exploited basic security flaws—flaws that should have been caught.
Learn how these exploits worked, why they were missed, and what should have been done differently.
Chapters:
0:00 - INTRO
01:39 - FINDING #1 – Stored XSS That Took Over User Accounts
07:14 - FINDING #2 – The SQL Injection That Bypassed a Firewall and Dumped the Entire Database
15:22 - OUTRO
Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!
🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us → [email protected]
🔗 Podcast Website → Website Link
Chapters
1. INTRO (00:00:00)
2. FINDING #1 – Stored XSS That Took Over User Accounts (00:01:39)
3. FINDING #2 – The SQL Injection That Bypassed a Firewall and Dumped the Entire Database (00:07:14)
4. OUTRO (00:15:22)
14 episodes
))
