
Critical Thinking - Bug Bounty Podcast Episode 150: ASP.NET MVC Patterns, Popping Oracle Identity, and Esoteric Subdomain Enumeration
Nov 27, 2025

This discussion dives into breakthroughs in Oracle Identity Manager, revealing critical path parameter vulnerabilities. There's a clever technique for exfiltrating data using Google Sheets that showcases the power of automation. ASP.NET MVC patterns are explored, highlighting their potential for file write escalations. The hosts introduce under-the-radar subdomain enumeration methods and touch on intriguing AI developments, including the Gemini 3 release and innovative coding tools. A strong emphasis on community support and knowledge sharing rounds out the conversation.
AI Snips
Header Overflow Can Break Cache Keys
- Cloudflare cache-key overflow via many headers can force caching with malicious headers and lead to stored XSS or DoS.
- Simple header-spraying tests can reveal long-standing cache/key handling bugs, as Justin notes.
Source Code Hunting Led To Oracle RCE
- Searchlight Cyber found unauthenticated routes in Oracle Identity Manager by grepping WAR/EAR files and locating main.jspx.
- They bypassed a central security filter with path-parameter tricks and got RCE via compile-time annotation processing.
Exploit ImportHTML For Blind XSS
- Spray Google Docs importHTML payloads into forms and CRM exports to detect blind XSS exfiltration.
- Monitor automation integrations like Zapier that can insert rows directly into Google Sheets and trigger later leaks.

