
INFO:
Try SquareX for free today! 👉 https://sqrx.io/db_yt

In this video, we take a deep dive into the GitLab / ExifTool metadata parsing vulnerability, which enables attackers to gain access to GitLab servers via an RCE (remote code execution). Whether you're a pen tester, security researcher, or cyber security expert, having a solid foundation in escape sequences, code evaluation, and character parsing is critical.

JOIN THE DISCORD! 👉 https://discord.gg/WYqqp7DXbm

0:00 - Overview
0:26 - Metadata
1:59 - DjVu
2:34 - C Escape Sequences
4:18 - Structure
11:14 - Exploit
13:45 - SquareX

HackerOne report: https://hackerone.com/reports/1154542
William Bowling's report: https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html
Vulnerable code: https://github.com/exiftool/exiftool/blob/11.70/lib/Image/ExifTool/DjVu.pm
Patch: https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031

SquareX socials:
Twitter: https://twitter.com/getsquarex
LinkedIn: https://www.linkedin.com/company/getsquarex/
Instagram: https://www.instagram.com/getsquarex/
Facebook: https://www.facebook.com/getsquarex
Blog: https://labs.sqrx.com/

MUSIC CREDITS:
LEMMiNO - Cipher https://www.youtube.com/watch?v=b0q5PR1xpA0 CC BY-SA 4.0
LEMMiNO - Firecracker https://www.youtube.com/watch?v=ulfoU2MziOc CC BY-SA 4.0
LEMMiNO - Nocturnal https://www.youtube.com/watch?v=epmoV2HRs9U CC BY-SA 4.0
LEMMiNO - Siberian https://www.youtube.com/watch?v=5py6E6yo7wk CC BY-SA 4.0
LEMMiNO - Encounters https://www.youtube.com/watch?v=xdwWCl_5x2s CC BY-SA 4.0
MAJOR EXPLOIT: GitLab was Hacked with an IMAGE??