Critical Thinking - Bug Bounty Podcast

Episode 131: SL Cyber Writeups, Bug Bounty Metastrategy, and Orphaned Github Commits

Jul 17, 2025
Dive into the world of collaborative hacking as experts discuss the thrill of teamwork in uncovering software vulnerabilities. Uncover the shocking scale of data exposed by a McDonald's chatbot flaw. Explore how to exploit DotNetNuke vulnerabilities and the nuances in prompt engineering for AI interactions. Learn about making the most of GitHub scans and the implications of orphan commits. Plus, discover new tools like Raycast for Windows and enhancements in Google Docs that can elevate bug bounty hunting!
ADVICE

Power of Hack-Alongs

  • Participate in hack-alongs to leverage collective brainpower for finding bugs.
  • Sharing insights in real-time helps uncover vulnerabilities that individuals might miss.

INSIGHT

Cloud Metadata Bypass Tricks

  • Adding extra slashes or semicolons may bypass cloud metadata service protections.
  • Fuzz all URL components creatively to find crucial security bypasses.

ANECDOTE

Massive McDonald's Data Leak

  • Ian Carroll and Sam Curry found an IDOR leaking 64 million McDonald's job applicant records.
  • Default credentials enabled admin access to a chatbot managing this data, revealing a massive security lapse.