Critical Thinking - Bug Bounty Podcast Episode 114: Single Page Application Hacking Playbook
11 snips
Mar 13, 2025 Dive into the world of hacking Single Page Applications (SPAs) as the hosts unravel techniques and tools like Shadow Repeater. Explore security vulnerabilities, including cross-site scripting and JWT exploitation, while uncovering the importance of understanding API endpoints. Discover how the integration of AI can enhance testing processes and learn about recent cybersecurity news, such as the launch of Hackadvisor, a platform for bug bounty ratings. Tune in for insights that merge fitness with cybersecurity in a unique twist!
AI Snips
Chapters
Transcript
Episode notes
Client-Side Path Traversal Exploit Chain
- BusFactor and XSSDoctor exploited a client-side path traversal, including a CloudFront caching issue.
- Justin mentions he had found all but two of the gadgets previously.
Mining Common Crawl
- Scan Common Crawl for secrets, as Travel Security found 12,000 live API keys and passwords.
- Nation-states likely already do this, given Common Crawl's accessibility and size.
Chrome Extension Ownership
- Chrome extensions often rely on Google Groups for ownership, not individual accounts.
- These groups are frequently left open, creating a potential attack vector.