logo
episode-header-image
May 2021
16m 7s

This Python And NodeJS IP Address Valida...

Hussein Nasser
About this episode

Watch this if you are using IP Address validation in both NodeJS and Python, these two libraries strip leading zeros which can lead to server side request forgery. Let us discuss

Resources

https://www.bleepingcomputer.com/news/security/critical-netmask-networking-bug-impacts-thousands-of-applications/

https://www.bleepingcomputer.com/news/security/python-also-impacted-by-critical-ip-address-validation-vulnerability/


Support my work on PayPal

https://bit.ly/33ENps4

Become a Member on YouTube

https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join

🧑‍🏫 Courses I Teach

https://husseinnasser.com/courses

--- Support this podcast: https://anchor.fm/hnasr/support
Up next
Jun 13
kTLS - Kernel level TLS
Fundamentals of Operating Systems Course https://oscourse.winktls is brilliant.TLS encryption/decryption often happens in userland. While TCP lives in the kernel. With ktls, userland can hand the keys to the kernel and the kernel does crypto. When calling write, the kernel encryp ... Show More
22m 55s
May 9
The beauty of the CPU
If you are bored of contemporary topics of AI and need a breather, I invite you to join me to explore a mundane, fundamental and earthy topic.The CPU.A reading of my substack article https://hnasr.substack.com/p/the-beauty-of-the-cpu 
9m 38s
Apr 18
Sequential Scans in Postgres just got faster
This new PostgreSQL 17 feature is game changer. They know can combine IOs when performing sequential scan. Grab my database coursehttps://courses.husseinnasser.com 
27m 36s
Recommended Episodes
Oct 2023
#435: PyPI Security
See the full show notes for this episode on the website at talkpython.fm/435 
1h 3m
Mar 2024
Episode 64: .NET Remoting, CDN Attack Surface, and Recon vs Main App
Episode 64: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Justin and Joel delve into .NET remoting and how it can be exploited, a recent bypass in the Dom Purify library and some interesting functionality in the Cloudflare CDN-CGI endpoint. They also tou ... Show More
1h 8m
Apr 2020
JavaScript Vulnerabilities with Tim Kadlec - The State of the Web
(Originally aired on YouTube on May 30, 2018) Rick and Tim talk about how insecure much of the web really is, the various vulnerabilities in web security that can leave you open to attack, the challenge of making your organization aware of these risks, and how they could be explo ... Show More
12m 32s
Nov 2023
#436: An Unbiased Evaluation of Environment and Packaging Tools
See the full show notes for this episode on the website at talkpython.fm/436 
58m 32s
Jan 2023
TA444 and crypto theft on behalf of the Dear Successor. CryptoAPI spoofing vulnerability described. New Python-based malware campaign. User headspace. Tanks vs. hacktivists.
How do the North Koreans get away with it? They do run their cyber ops like a creepy start-up business. A spoofing vulnerability is discovered in Windows CryptoAPI. Python-based malware is distributed via phishing. MacOS may have a reputation for threat-resistance, but users shou ... Show More
29m 40s
Apr 2023
#411: Things I Wish Someone Had Explained To Me Sooner About Python
See the full show notes for this episode on the website at talkpython.fm/411 
1h 3m
May 2024
SN 976: The 50 Gigabyte Privacy Bomb - Google AI Workarounds, Microsoft Recall
The bigger problem with AI Overview https://udm14.com/ -and- https://tenbluelinks.org/ The horses have left the barn VPNs and Firewalls Email @ GRC Extension to fix Google search Passwords and SPAM Fixing motherboard components Vertical tabs in Firefox FritzBox routers Too many P ... Show More
2h 13m
Feb 2023
Episode 8: PostMessage Bugs, CSS Injection, and Bug Drops
Episode 8: In this episode of Critical Thinking - Bug Bounty Podcast we drop some critical bugs which leak raw credit card info. We also discuss some CSS Injection & PostMessage related techniques. It's a short one but a good one! Don't miss it!Follow us on twitter at: @ctbbpodca ... Show More
35m 57s
May 2024
Episode 73: Sandboxed IFrames and WAF Bypasses
Episode 73: In this episode of Critical Thinking - Bug Bounty Podcast we give a brief recap of Nahamcon and then touch on some topics like WAF bypass tools, sandboxed iframes, and programs redacting your reports.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting th ... Show More
31m 13s
Nov 2023
Episode 44: URL Parsing & Auth Bypass Magic
Episode 44: In this episode of Critical Thinking - Bug Bounty Podcast, the topic is URL structure, and Justin and Joel break down the elements that make up a URL and some common tips and tricks surrounding them which allow for all sorts of bypasses. We also round out the episode ... Show More
1h 11m
Listen to millions of songs and podcasts on Anghami