Very creative way to turn Prototype Pollution into RCE in kibana - Bug Bounty Reports Explained

📧 Subscribe to BBRE Premium: https://bbre.dev/premium ✉️ Sign up for the mailing list: https://bbre.dev/nl 📣 Follow me on Twitter: https://bbre.dev/tw This video is an explanation of prototype pollution vulnerability in kibana that, in a super cool and very creative way, was used to achieve remote code execution in kibana software. Blogpost: https://research.securitum.com/protot... Researcher's twitter:   / securitymb   Follow me on twitter:   / gregxsunday   Timestamps: 00:00 Intro 00:34 Prototype pollution 02:27 Vulnerability discovery 04:14 Exploitation #rce #protoPollution

Join Today
A to Z Bug Bounty Hunting Tools! (HACKING)
▶︎

A to Z Bug Bounty Hunting Tools! (HACKING)

Prototype pollution is everywhere! Solution to May '22 XSS Challenge
▶︎

Prototype pollution is everywhere! Solution to May '22 XSS Challenge

DEF CON 32 - Exploiting the Unexploitable Insights from the Kibana Bug Bounty - Mikhail Shcherbakov
▶︎

DEF CON 32 - Exploiting the Unexploitable Insights from the Kibana Bug Bounty - Mikhail Shcherbakov

My $20,000 S3 bug that leaked everyone’s attachments - S3 bucket misconfig of pre-signed URLs
▶︎

My $20,000 S3 bug that leaked everyone’s attachments - S3 bucket misconfig of pre-signed URLs

Prototype Pollution Leads to RCE: Gadgets Everywhere
▶︎

Prototype Pollution Leads to RCE: Gadgets Everywhere

Bug Bounty: Exploiting Prototype Pollution for Easy $$$ (Manual + Automation Guide)
▶︎

Bug Bounty: Exploiting Prototype Pollution for Easy $$$ (Manual + Automation Guide)

What bugs you should look for in a GraphQL API? Bug Bounty Case Study
▶︎

What bugs you should look for in a GraphQL API? Bug Bounty Case Study

How Does Prototype Pollution Actually Work?
▶︎

How Does Prototype Pollution Actually Work?

Severe Prototype Pollution Vulnerability found in gRPC Node JS codebase
▶︎

Severe Prototype Pollution Vulnerability found in gRPC Node JS codebase

Bug Bounty | $2000 for SSRF bypass using DNS rebinding
▶︎

Bug Bounty | $2000 for SSRF bypass using DNS rebinding

$25,000 GitHub pages RCE via YAML file - Bug Bounty Reports Explained
▶︎

$25,000 GitHub pages RCE via YAML file - Bug Bounty Reports Explained

Billionaire's WARNING: I'm SELLING. The Crash Is Already Here!
▶︎

Billionaire's WARNING: I'm SELLING. The Crash Is Already Here!

How to turn SQL injection into an RCE or a file read? Case study of 128 bug bounty reports
▶︎

How to turn SQL injection into an RCE or a file read? Case study of 128 bug bounty reports

How The FBI Finds Your REAL IP Address
▶︎

How The FBI Finds Your REAL IP Address

How Pros Use CVEs to Find New Bugs (before anyone else! ft CVE-2020-5902)
▶︎

How Pros Use CVEs to Find New Bugs (before anyone else! ft CVE-2020-5902)

NahamCon2021 - Using Chromedp to Hunt for Prototype Pollution - @TomNomNom
▶︎

NahamCon2021 - Using Chromedp to Hunt for Prototype Pollution - @TomNomNom

$130,000+ Learn New Hacking Technique in 2021 - Dependency Confusion - Bug Bounty Reports Explained
▶︎

$130,000+ Learn New Hacking Technique in 2021 - Dependency Confusion - Bug Bounty Reports Explained

$15,000 Playstation Now RCE via insecure WebSocket connection - Bug Bounty Reports Explained
▶︎

$15,000 Playstation Now RCE via insecure WebSocket connection - Bug Bounty Reports Explained

The Bug Hunter's Methodology - Application Analysis | Jason Haddix
▶︎

The Bug Hunter's Methodology - Application Analysis | Jason Haddix

Webinar: Hacking Modern Web Apps with RCE and Prototype Pollution by Abraham Aranguren
▶︎

Webinar: Hacking Modern Web Apps with RCE and Prototype Pollution by Abraham Aranguren