))
Ep. 10 – Cookie XSS & Image Upload RCE: One Cookie, One File, Full Control
Manage episode 491032492 series 3643227
Content provided by Amin Malekpour. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Amin Malekpour or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
One cookie set on a subdomain triggered XSS and stole session tokens. One fake image upload gave the attacker a reverse shell.
This episode breaks down two powerful exploits—a cookie-based XSS that bypassed frontend protections, and an RCE through Ghostscript triggered by a disguised PostScript file.
Learn how subtle misconfigurations turned everyday features into full account and server compromise.
Chapters:
00:00 - INTRO
01:08 - FINDING #1 - Cookie-Controlled XSS
12:19 - FINDING #2 - Image Upload to RCE via Ghostscript
19:03 - OUTRO
Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!
🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us → [email protected]
🔗 Podcast Website → Website Link
Chapters
1. INTRO (00:00:00)
2. FINDING #1 - Cookie-Controlled XSS (00:01:08)
3. FINDING #2 - Image Upload to RCE via Ghostscript (00:12:19)
4. OUTRO (00:19:03)
11 episodes
Share
