Exploring Client-Side Exploits and Cookie-Based Vulnerabilities

Episode 76: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about Match and Replace and the often overlooked use cases for it, like bypassing paywalls, modifying host headers, and storing payloads. We also talk about the HackerOne Ambassador World Cup and the issues with dupe submissions, and go through some write-ups.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today's Sponsor - Project Discovery: https://nux.gg/podcast

Resources

Zoom Session Takeover

https://nokline.github.io/bugbounty/2024/06/07/Zoom-ATO.html

SharePoint XXE

https://x.com/thezdi/status/1796207012520366552

Shazzer

https://shazzer.co.uk/

Timestamps:

(00:00:00) Introduction

(00:05:06) H1 Ambassador World Cup

(00:13:57) Zoom ATO bug

(00:33:28) SharePoint XXE

(00:39:36) Shazzer

(00:46:36) Match and Replace

(01:13:01) Match and Replace in Mobile

(01:21:13) Header Replacements