$6,5k + $5k HTTP Request Smuggling mass account takeover - Slack + Zomato

$6,5k + $5k HTTP Request Smuggling mass account takeover - Slack + Zomato

📧 Subscribe to BBRE Premium: https://bbre.dev/premium ✉️ Sign up for the mailing list: https://bbre.dev/nl 📣 Follow me on Twitter: https://bbre.dev/tw HTTP request smuggling is a technique used to find vulnerabilities in bug bounty programs and penetration tests, rediscovered by portswigger in 2019. In the video I present and explain two reports from Hackerone that show how a bug hunter hacked Slack and Zomato, earning $6,500 and $5,000 respectively. Follow me on twitter:   / gregxsunday   Original reports: https://hackerone.com/reports/737140 https://hackerone.com/reports/771666 Reporter: https://hackerone.com/defparam Smuggler tool: https://github.com/defparam/smuggler RFC: https://tools.ietf.org/html/rfc2616#s... Timestamps: 00:00 Intro 00:26 HTTP Request Smuggling 03:25 Slack's report 06:30 Zomato's report