

Episode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots
Apr 10, 2025
Dive into the world of cybersecurity as the hosts explore high-risk vulnerabilities in IT management software and highlight the importance of robust source code reviews. Discover the dangers of SQL injection in .NET applications, share in the excitement over a hacker reaching $1 million in bug bounties, and unravel a significant Next.js authentication bypass. The conversation extends to the complexities of AI vulnerabilities and the evolving landscape of MCP security, showcasing tech innovations and community camaraderie in the bug bounty realm.
AI Snips
Improve Next.js Vulnerability Scanning
- Update your scanning tools to incorporate Assetnote's improved Next.js middleware redirect detection.
- This finds more vulnerabilities than the basic public checks do.
Live Hacking Community Story
- Justin Gardner shared a live hacking experience during a community bug isolation hour.
- The session included discovering and chaining bugs live without duplication issues, fostering community collaboration.
Look for Missing Auth Decorators
- When doing source code reviews, look for endpoints missing authentication decorators.
- These unauthenticated routes are potential pre-auth SQL injection points.