Security design flaws in Storage by Zapier
- Alexei Doudkine
- ComfyCon AU 2020 Summer
In this talk, I go through the vulnerabilities I discovered in a Zapier service called “Storage by Zapier”. What were the vulns? How did I find them? How can they be abused? I also demo a PoC (that won’t be released) for C2 through Zapier. Of course, I’ll also acknowledge Zapier’s response to the vulns.
I’ll present the talk in a “story” style, essentially putting the audience in my shoes.