[bounty] OverlayFS to Root and Parallels Desktop Escapes

Day[0] - A podcast by dayzerosec

Categories:

More bug bounty style bugs, but you'd be forgiven reading that title thinking we had a low-level focus this episode. We got some awesome bugs this week though from tricking Dependabot and abusing placeholder values, an IIS auth bypass. Ending off with a kernel bug (OverlayFS) and a VM escape (Parallels Desktop) Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/211.html [00:00:00] Introduction [00:00:28] Dependabot Confusion: Gaining Access to Private GitHub Repositories using Dependabot [00:12:39] Placeholder for Dayzzz: Abusing placeholders to extract customer informations [00:19:40] Bypass IIS Authorisation with this One Weird Trick - Three RCEs and Two Auth Bypasses in Sitecore 9.3 [00:33:44] PwnAssistant - Controlling /home's via a Home Assistant RCE [00:39:26] The OverlayFS vulnerability [CVE-2023-0386] [00:44:01] Escaping Parallels Desktop with Plist Injection The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9 #BugBounty #BugHunting #InfoSec #CyberSec #Podcast