To give you the best possible experience, this site uses cookies. Review our Privacy Policy and Terms of Service to learn more. Got it!
Artwork

Tech Careers Business Penetration Testing Bug Bounty Ethical Hacking Web Security Application Security Offensive Security Podcasting Education Amin Malekpour DevSecOps Secure Coding Security Hardening Secure Software Development Security Best Practices Red Team
Content provided by Amin Malekpour. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Amin Malekpour or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play

Hacked & Secured: Pentest Exploits & Mitigations »
Ep. 8 – OTP Flaw & Remote Code Execution: When Small Flaws Go Critical

15:45
 
Play
Playing
Share
 

MP3Episode home
Manage episode 478951480 series 3643227
Content provided by Amin Malekpour. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Amin Malekpour or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.

A broken logout flow let attackers hijack accounts using just a user ID.
A self-XSS and an IDOR exposed stored data. And a forgotten internal tool—running outdated software—ended in full Remote Code Execution.

This episode is all about how small bugs, missed checks, and overlooked services can lead to serious consequences.

Chapters:

00:00 - INTRO

01:22 - FINDING #1 - The Logout That Logged You In

07:12 - FINDING #2 - From Signature Field to Shell Access

14:40 - OUTRO

Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!
🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us [email protected]
🔗 Podcast Website → Website Link

  continue reading

Chapters

1. INTRO (00:00:00)

2. FINDING #1 - The Logout That Logged You In (00:01:22)

3. FINDING #2 - From Signature Field to Shell Access (00:07:12)

4. OUTRO (00:14:40)

9 episodes

#Tech #Careers #Business #Penetration Testing #Bug Bounty #Ethical Hacking #Web Security #Application Security #Offensive Security #Podcasting Education #Amin Malekpour #DevSecOps #Secure Coding #Security Hardening #Secure Software Development #Security Best Practices #Red Team
Artwork

Ep. 8 – OTP Flaw & Remote Code Execution: When Small Flaws Go Critical

Hacked & Secured: Pentest Exploits & Mitigations

published

Play Playing
iconShare
 
MP3Episode home
Manage episode 478951480 series 3643227
Content provided by Amin Malekpour. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Amin Malekpour or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.

A broken logout flow let attackers hijack accounts using just a user ID.
A self-XSS and an IDOR exposed stored data. And a forgotten internal tool—running outdated software—ended in full Remote Code Execution.

This episode is all about how small bugs, missed checks, and overlooked services can lead to serious consequences.

Chapters:

00:00 - INTRO

01:22 - FINDING #1 - The Logout That Logged You In

07:12 - FINDING #2 - From Signature Field to Shell Access

14:40 - OUTRO

Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!
🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us [email protected]
🔗 Podcast Website → Website Link

  continue reading

Chapters

1. INTRO (00:00:00)

2. FINDING #1 - The Logout That Logged You In (00:01:22)

3. FINDING #2 - From Signature Field to Shell Access (00:07:12)

4. OUTRO (00:14:40)

9 episodes

#Tech #Careers #Business #Penetration Testing #Bug Bounty #Ethical Hacking #Web Security #Application Security #Offensive Security #Podcasting Education #Amin Malekpour #DevSecOps #Secure Coding #Security Hardening #Secure Software Development #Security Best Practices #Red Team

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Listen to 500+ topics
Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play

Quick Reference Guide

Top Podcasts
The Bill Simmons Podcast
PTI
First Take
Marketplace
Comedy of the Week
The Bugle
How Did This Get Made?
Doug Loves Movies
Planet Money
TED Talks Daily
NBC Nightly News with Lester Holt
The World This Hour
Daily Boost Motivation and Coaching
Radiolab
Science Friday
This American Life
Criminal
Sword and Scale
In The Dark
Player FM logo
Help/FAQ | Upgrade | Advertise
Arts|Business|Comedy|Economics|Entertainment|News|Politics|Religion
Science|Soccer|Sports|Storytelling|Technology|True Crime
Copyright 2025 | Sitemap | Privacy Policy | Terms of Service | | Copyright
Episode being played series thumbnail
icon icon
Speed
Series settings
1x
1x
Volume
100%
icon
icon icon
/

View Player FM in...
Player FM
Browser
Chrome
Safari
Firefox
Listen to this show while you explore
Play