Exploring DOM Purify and HTML Vulnerabilities

Episode 113: In this episode of Critical Thinking - Bug Bounty Podcast we’re breaking down the Portswigger Top 10 from 2024. There’s some bangers in here!

Follow us on X at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on X:

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag!

====== Resources ======

Hijacking OAUTH flows via Cookie Tossing

ChatGPT Account Takeover - Wildcard Web Cache Deception

OAuth Non-Happy Path to ATO

CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js

DoubleClickjacking: A New Era of UI Redressing

WorstFit: Unveiling Hidden Transformers in Windows ANSI

SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level

Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server

Middleware, middleware everywhere – and lots of misconfigurations to fix

====== Timestamps ======

(00:00:00) Introduction

(00:09:56) Hijacking OAuth flows via Cookie Tossing

(00:17:30) ChatGPT Account Takeover

(00:25:28) OAuth Non-Happy Path to ATO

(00:29:24) CVE-2024-4367

(00:37:37) DoubleClickjacking:

(00:44:54) Exploring the DOMPurify library

(00:48:01) WorstFit

(00:56:29) Unveiling TE.0 HTTP Request Smuggling

(01:06:40) SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level

(01:14:05) Confusion Attacks