Episode 28: Surfin' with CSRFs

Critical Thinking - Bug Bounty Podcast

The JavaScript Bridge and the Attack Scenario

The attack scenario would be like, you know, you open your TikTok app, go and scan some QR code to go to some of his profile, you get popped. And so basically, this would open up an internal web view that then had access to this JavaScript bridge and a bunch of other internal functionality. So it's kind of like CORS, kind of like CSRF, but yeah, that's kind of my mobile example. I think there's a ton of other examples out there that are more the car stuff that we talked about where it's like creating intents from a third party app that then do something similar.

Play episode from 01:12:23