In this episode of Critical Thinking - Bug Bounty Podcast, we're back with Joel, fresh (haha) off of back-to-back live hack events in London and Seoul. We compare the different vibes of each LHE, then we dive into the technical thick of it, and talk web browsers, XSS vectors, new tools, CVSS 4.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
______
Hunting for NGINX alias traversals in the wild
PortSwigger Tweet
Soroush's Follow-up
Tweet about magic math element
<22 weird XSS behavior
Lupin’s follow-up
Patch diffing
Changes to CVSS 4.0
Ask FIRSTdotORG what's going on
Jsluise
JS import() behavior
'JavaScript for Hackers'
CSP Evaluator:
Dom Clobbering
HTML Injection Cheat Sheet
Gareth Heyes website/game
______
Timestamps:
(00:00:00) Introduction
(00:04:10) LHE Vibes
(00:07:45) "Hunting for NGINX alias traversals in the wild"
(00:12:30) Payouts in BB programs
(00:16:05) New XSS vectors and popovers
(00:24:15) The "magical math element" in Firefox
(00:27:15) LiveOverflow on HTML parsing quirks
(00:32:10) Mr. Tux Racer, Woocommerce, and WordPress
(00:40:00) Changes in the CVSS 4 draft spec
(00:45:00) TomNomNom's new tool Jsluise
(00:51:15) JavaScript's import function & "JavaScript for Hackers"
(01:09:15) Prototype pollution & DOM clobbering
(01:18:10) Base tags and CSS Games
