Unveiling Next.js Auth Bypass Vulnerability and Improved Detection Techniques

Episode 118: In this episode of Critical Thinking - Bug Bounty Podcast we cover a host of news, including clientside tidbits, “Credentialless” iframes, prototype pollution, and what constitutes a polyglot in llms.txt.

Follow us on X

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow Rhynorater and Rez0 on X

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

You can also find some hacker swag!

====== Resources ======

p4fg passed 1 Million!

/reports/:id.json - $25K Crit

Hacking Crypto pt1

The art of payload obfuscation

Analyzing the Next.js Middleware Bypass

Nahamsec's Merch store

llms.txt polyglot prompt injection

React Router and the Remix’ed path

Pre-Authentication SQL Injection in Halo ITSM

Pwning Millions of Smart Weighing Machines

MCP Server Oauth

Cline

“Credentialless” iframes

Tiny XSS Payloads

Types of Pollution

====== Timestamps ======

(00:00:00) Introduction

(00:05:56) Next.js Middleware bypass & Polyglots in llms.txt

(00:16:35) CPDoS on React Router

(00:24:26) Loose Types Sink Ships & Pwning Smart Scales

(00:32:30) MCP Server Oauth & Cline

(00:39:40) Clientside Tidbits & Prototype Pollutions