Hacked & Secured: Pentest Exploits & Mitigations

• Ep. 10 – Cookie XSS & Image Upload RCE: One Cookie, One File, Full Control

  One cookie set on a subdomain triggered XSS and stole session tokens. One fake image upload gave the attacker a reverse shell.This episode breaks down two powerful exploits—a cookie-based XSS that bypassed frontend protections, and an RCE through Ghostscript triggered by a disguised PostScript file.Learn how subtle misconfigurations turned everyday features into full account and server compromise.Chapters:00:00 - INTRO01:08 - FINDING #1 - Cookie-Controlled XSS12:19 - FINDING #2 - Image Upload to RCE via Ghostscript19:03 - OUTROWant your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram 📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A 📧 Feedback? Email Us → [email protected] 🔗 Podcast Website → Website Link

  --------  

  20:12

  --------

  20:12
• Ep. 9 – Directory Traversal & LFI: From File Leaks to Full Server Crash

  One markdown link copied server files. One poisoned log triggered remote code execution. One LFI crashed the entire server. In this episode, we unpack three real-world exploits—directory traversal and local file inclusion flaws that went far beyond file reads. From silent data leaks to full server compromise, these attacks all started with a single trusted path.Chapters:00:00 - INTRO01:07 - FINDING #1 - Server File Theft with Directory Traversal09:23 - FINDING #2 - From File Inclusion to RCE via Log Poisoning16:20 - FINDING #3 - LFI to Server Crash24:09 - OUTROWant your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram 📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A 📧 Feedback? Email Us → [email protected] 🔗 Podcast Website → Website Link

  --------  

  25:05

  --------

  25:05
• Ep. 8 – OTP Flaw & Remote Code Execution: When Small Flaws Go Critical

  A broken logout flow let attackers hijack accounts using just a user ID. A self-XSS and an IDOR exposed stored data. And a forgotten internal tool—running outdated software—ended in full Remote Code Execution.This episode is all about how small bugs, missed checks, and overlooked services can lead to serious consequences.Chapters:00:00 - INTRO01:22 - FINDING #1 - The Logout That Logged You In07:12 - FINDING #2 - From Signature Field to Shell Access14:40 - OUTROWant your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram 📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A 📧 Feedback? Email Us → [email protected] 🔗 Podcast Website → Website Link

  --------  

  15:45

  --------

  15:45
• Ep. 7 – IDOR & SSTI: From File Theft to Server-Side Secrets

  A predictable ID exposed private documents. A crafted name leaked backend files. In this episode, we break down two high-impact flaws—an IDOR that let attackers clone confidential attachments, and an SSTI hidden in an email template that revealed server-side files. Simple inputs, big consequences. Learn how they worked, why they were missed, and how to stop them.Chapters:00:00 - INTRO01:28 - FINDING #1 – IDOR to Steal Confidential Files with Just an Attachment ID09:05 - FINDING #2 – Server-Side Template Injection That Leaked Local Files18:41 - OUTROWant your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram 📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A 📧 Feedback? Email Us → [email protected] 🔗 Podcast Website → Website Link

  --------  

  19:35

  --------

  19:35
• Ep. 6 – 403 Bypass & Request Smuggling: Tiny Tricks, Total Takeover

  A single uppercase letter unlocked an admin panel. One malformed request hijacked user sessions. In this episode, we break down two real-world exploits—a 403 bypass and a request smuggling attack—that turned small oversights into full system compromise. Learn how they worked, why they were missed, and what should have been done differently.Chapters:00:00 - INTRO01:18 - FINDING #1 – The 403 Bypass That Led to Full Admin Control08:17 - FINDING #2 – Smuggling Requests, Hijacking Responses16:35 - OUTROWant your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram 📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A 📧 Feedback? Email Us → [email protected] 🔗 Podcast Website → Website Link

  --------  

  17:14

  --------

  17:14

More Business podcasts

Trending Business podcasts

About Hacked & Secured: Pentest Exploits & Mitigations