Critical Thinking - Bug Bounty Podcast

Episode 26: Client-side Quirks & Browser Hacks

Jul 6, 2023
Ask episode
Chapters
Transcript
Episode notes
1
Introduction
00:00 • 2min
2
How Space Records Explored a Zero Day Bug
02:06 • 2min
3
How to Make a Live Hacking Event Awesome
04:23 • 2min
4
Hunting for Engine X Alias Traversals in the Wild
06:05 • 3min
5
The Off by Off by a Slash Research
08:41 • 2min
6
The Open Source Approach to Exploiting Vulnerabilities
10:31 • 2min
7
Hacker One: The Most High Paying Program
12:08 • 3min
8
Port Swigger Research: A New Way to Trigger XSS
14:52 • 2min
9
The Impact of XSS Vectors on Chrome
16:46 • 3min
10
How to Use Hidden Values in Web Forms
19:20 • 3min
11
The Magical Math Elements in Firefox
22:36 • 2min
12
Edge: The Next Browser for Mac and Windows
25:01 • 2min
13
How to Conduct Security Research
26:54 • 2min
14
How to Do Comments in JavaScript
29:02 • 2min
15
How to Patch Diffed a CBE in WooCommerce and Exploited It on a Target
31:24 • 3min
16
How to Exploit WordPress Core for Plugins
34:01 • 2min
17
How to Get Your Hands on a WordPress Plugin
35:37 • 2min
18
How to Find the Best WordPress Security Plugins
38:06 • 2min
19
The Changes in the CBS S4 Draft Spec
40:09 • 2min
20
CBS S4's Privilege of the Just Required Section
41:59 • 2min
21
Tom Nom Nom Tool
44:15 • 2min
22
J S Lewis: A Tool to Extract URLs From J. S Files
45:48 • 2min
23
How to Parse JavaScript
47:22 • 2min
24
ECMAScript's Import Function
49:41 • 2min
25
How to Use File Descriptor to Minimize JavaScript Execution
51:47 • 2min
26
How to Get XSS From a File
53:46 • 2min
27
JavaScript for Hackers: A Guide to Documenting Strange Behaviors
55:21 • 3min
28
How to Use an HTML Comment in JavaScript
58:06 • 2min
29
How to Smuggle in JavaScript Comments
59:40 • 3min
30
How to Inject JavaScript Into a Variable
01:02:10 • 2min
31
JavaScript CSP Evaluator
01:04:04 • 2min
32
Google's CSP Evaluator
01:05:44 • 3min
33
How to Scan for Prototype Pollution
01:08:40 • 2min
34
Prototype Pollution in JavaScript
01:10:45 • 2min
35
DOM Clobbering: Exploiting DOM Pollution
01:12:18 • 4min
36
The Edge Case of DOM Clobbering
01:16:01 • 2min
37
How to Use Meta and Base Tags to Exploit HTML Injection
01:17:52 • 2min
38
The Potential of Meta Tags in Web Browsers
01:20:13 • 2min
39
How to Exploit the Meta Tags in Safari
01:21:52 • 2min
40
How to Sniff Key Binds Using CSS
01:23:54 • 2min
41
CSS for Content Security
01:26:15 • 3min
42
The Power of Base Base Tags in HTML Injection
01:29:09 • 2min
43
The Base Tag in the Body Tag
01:31:03 • 2min