Presented at BruCON 0x08 (2016), Oct. 27, 2016, 5 p.m. (60 minutes).
A summary of the strangest vulnerabilities I've found during the last year, which includes:
Aggressive input decoding
Nil, NULL and password reset tokens
Host header manipulation
(quick) X-Forwarded-For: 127.0.0.1
ActiveSupport::MessageVerifier Remote Code Execution
Insecure PayPal IPN implementations