episode-header-image

May 2021

16m 7s

This Python And NodeJS IP Address Valida...

About this episode

Watch this if you are using IP Address validation in both NodeJS and Python, these two libraries strip leading zeros which can lead to server side request forgery. Let us discuss

Resources

https://www.bleepingcomputer.com/news/security/critical-netmask-networking-bug-impacts-thousands-of-applications/

https://www.bleepingcomputer.com/news/security/python-also-impacted-by-critical-ip-address-validation-vulnerability/

Support my work on PayPal

https://bit.ly/33ENps4

Become a Member on YouTube

https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join

🧑‍🏫 Courses I Teach

https://husseinnasser.com/courses

Up next

CPU and Kernel Page Faults

<p>Page faults occurs when the process tries to access a memory that isn’t backed by a physical page kernel raises a fault which loads a page. It happens on first access, stack expansion, COW, swap and much more. However it comes with a cost. </p><p><br /></p><p>In this episode o ... Show More

Amazon US-EAST-1 Outage in Details

On October 19 2025 AWS experienced an outage that lasted over a day, 10 days later we finally got the root cause analysis and we know exactly what caused the DNS to fail0:00 Summary 5:30 How did Dynamo lost its DNS?13:41 EC2 Errors 16:16 Network Load Balancer ErrorsRCA here https ... Show More

Graceful shutdown in HTTP

There are cases where the backend may need to close the connection to prevent unexpected situations, prevent bad actors or simply just free up resources. Closing a connection gracefully allows clients and backends to clean up and finish any pending requests. In this episode of th ... Show More

Recommended Episodes

#435: PyPI Security

See the full show notes for this episode on the website at <a href="https://talkpython.fm/435">talkpython.fm/435</a>

Episode 64: .NET Remoting, CDN Attack Surface, and Recon vs Main App

Episode 64: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Justin and Joel delve into .NET remoting and how it can be exploited, a recent bypass in the Dom Purify library and some interesting functionality in the Cloudflare CDN-CGI endpoint. They also tou ... Show More

JavaScript Vulnerabilities with Tim Kadlec - The State of the Web

<p><span style="font-weight: 400;">(Originally aired on YouTube on May 30, 2018)</span></p> <p><span style="font-weight: 400;">Rick and Tim talk about how insecure much of the web really is, the various vulnerabilities in web security that can leave you open to attack, the challe ... Show More

#436: An Unbiased Evaluation of Environment and Packaging Tools

See the full show notes for this episode on the website at <a href="https://talkpython.fm/436">talkpython.fm/436</a>

TA444 and crypto theft on behalf of the Dear Successor. CryptoAPI spoofing vulnerability described. New Python-based malware campaign. User headspace. Tanks vs. hacktivists.

How do the North Koreans get away with it? They do run their cyber ops like a creepy start-up business. A spoofing vulnerability is discovered in Windows CryptoAPI. Python-based malware is distributed via phishing. MacOS may have a reputation for threat-resistance, but users shou ... Show More

#411: Things I Wish Someone Had Explained To Me Sooner About Python

See the full show notes for this episode on the website at <a href="https://talkpython.fm/411">talkpython.fm/411</a>

SN 976: The 50 Gigabyte Privacy Bomb - Google AI Workarounds, Microsoft Recall

The bigger problem with AI Overview https://udm14.com/ -and- https://tenbluelinks.org/ The horses have left the barn VPNs and Firewalls Email @ GRC Extension to fix Google search Passwords and SPAM Fixing motherboard components Vertical tabs in Firefox FritzBox routers Too many P ... Show More

Episode 8: PostMessage Bugs, CSS Injection, and Bug Drops

Episode 8: In this episode of Critical Thinking - Bug Bounty Podcast we drop some critical bugs which leak raw credit card info. We also discuss some CSS Injection & PostMessage related techniques. It's a short one but a good one! Don't miss it!Follow us on twitter at: @ctbbpodca ... Show More

Episode 73: Sandboxed IFrames and WAF Bypasses

Episode 73: In this episode of Critical Thinking - Bug Bounty Podcast we give a brief recap of Nahamcon and then touch on some topics like WAF bypass tools, sandboxed iframes, and programs redacting your reports.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting th ... Show More

Episode 44: URL Parsing & Auth Bypass Magic

Episode 44: In this episode of Critical Thinking - Bug Bounty Podcast, the topic is URL structure, and Justin and Joel break down the elements that make up a URL and some common tips and tricks surrounding them which allow for all sorts of bypasses. We also round out the episode ... Show More

Listen to millions of songs and podcasts on Anghami