Episode 8: PostMessage Bugs, CSS Injection, and Bug Drops

Critical Thinking - Bug Bounty Podcast

How to Generate a Hash With User Input

There's no way to generate that hash with your, your arbitrary supplied user input. So I started fuzzing around with that and couldn't find anything. And then the solution that I came up with in the end is, I don't know, man, I thought it was pretty cool. But essentially how it works is when you log in, there's a return to URL. And that return to URL is supplied by user input. It can be transposable into other people's accounts and you could, you know, issue arbitrary requests that way.
