Critical Thinking - Bug Bounty Podcast Episode 141: Hacking the Pod - Google Docs 0-day & React CreateElement Exploits with Nick Copi (7urb0)
Sep 25, 2025
Nick Copi, known as 7urb0, is a security researcher who specializes in client-side web hacking. He delves into an inefficient regex that crashed Google Docs and explores triggering modals in the application. Nick shares insights on React createElement exploitation, revealing how XSS can persist in Electron clients. He also discusses exploiting CSS injection vulnerabilities with FontLeak techniques. Throughout, he emphasizes the importance of community collaboration in advancing research and sharing effective hacking strategies.
AI Snips
Chapters
Transcript
Episode notes
Playful Google Docs Crash POC
- Nick intentionally planted a client-side DOS bug in a Google Doc to make it hard to interact with the document.
- He built a webpage to copy a malicious payload to clipboard so anyone pasting it into the doc would trigger the hang.
Instrument RegExp To Find ReDoS
- Use DevTools debug hooks to dynamically instrument functions like RegExp.prototype to find inefficient regex usage.
- Record and triage suspicious regexes and run them through automated slow-regex solvers to build high-quality reports.
Electron Escalation From React XSS
- Nick found a React createElement-based XSS in an Electron desktop app and escalated it to persistent client control.
- He built a websocket C2 with screenshots and a JS console to run arbitrary code on victims' clients during his research.