Chaining PHP Filters for Advanced Hacking

Episode 60: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel review the Portswigger Research list of top 10 web hacking techniques of 2023.

Follow us on twitter at: @ctbbpodcast

Send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord

We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Resources:

Top 10 web hacking techniques of 2023

1: Smashing the state machine

8: From Akamai to F5 to NTLM

3: SMTP Smuggling

4: PHP filter chains

(Bonus Read)

5: HTTP Parsers Inconsistencies

6: HTTP Request Splitting

7: How I Hacked Microsoft Teams

9: Cookie Crumbles

(Bonus Read)

10: Hacking root EPP servers to take control of zones

Timestamps:

(00:00:00) Introduction

(00:04:26) 1: Smashing the state machine

(00:11:56) 8: From Akamai to F5 to NTLM... with love

(00:17:11) 3: SMTP Smuggling

(00:26:27) 4: PHP filter chains

(00:36:40) 5: HTTP Parsers Inconsistencies

(00:44:56) 6: HTTP Request Splitting

(00:53:43) 7: How I Hacked Microsoft Teams

(01:02:25) 9: Cookie Crumbles

(01:11:36) 10: EPP Server Takeover