
Episode 8: PostMessage Bugs, CSS Injection, and Bug Drops
Critical Thinking - Bug Bounty Podcast
The Problems With Post-Message Broadcasting
Each individual field in the checkout was an individual iframe. And those iframes were syncing up and like getting communication via sort of a, um, post message broadcast of sorts. Then when, uh, the frame was loading up the actual, uh, credit card input frame, there was a race condition that you could trigger where you could send a post message faster than the actual parent frame to the child's child sub. That would allow you to do a CSS injection on the, uh, credit card page where all of this was actually happening. So here's how the attack worked.