

Episode 116: Auth Bypasses and Google VRP Writeups
Mar 27, 2025
Explore the intricate world of cybersecurity, focusing on the latest findings in SAML attacks and a notable GitLab vulnerability. Delve into Google Forms and Sheets exploits that reveal sensitive information, and uncover OAuth misconfigurations that can leak tokens. Highlighting community engagement, the discussion encourages collaboration among bug bounty hunters while examining authentication bypass vulnerabilities and middleware exploits. A humor-infused journey through the challenges and innovations in digital security awaits!
SAML Double Parsing Flaw
- SAML authentication can be bypassed by exploiting differences in XML parsing between two libraries.
- Changing attribute quotation styles during re-parsing allows injecting malicious assertions.
XML Doctype Attribute Exploitation
- XML document type declarations (DOCTYPEs) can define elements, attributes, and entities, enabling complex manipulations.
- Attackers exploited document type attribute lists to hijack signature validation in SAML.
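
Added example, not from the episode or from any library it discusses: a DTD attribute list in the internal subset gives an element an attribute that is never written on it, so a parser that processes the DTD and one that ignores it see different documents. The sample documents, function names and the reject-any-DOCTYPE guard (a general hardening step, assumed here rather than taken from the episode) are constructed for illustration.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat

# Constructed sample: the internal DTD subset gives <Assertion> a default ID
# attribute that never appears on the element itself.
WITH_DTD = b"""<?xml version="1.0"?>
<!DOCTYPE Response [
  <!ATTLIST Assertion ID CDATA "from-dtd">
]>
<Response><Assertion>payload</Assertion></Response>"""

# Constructed sample: same shape, no DOCTYPE, ID written on the element.
WITHOUT_DTD = b'<Response><Assertion ID="a1">payload</Assertion></Response>'


class DoctypeRejected(ValueError):
    """Raised when a message carries a document type declaration."""


def assertion_attributes(xml_bytes):
    """Attributes of <Assertion> as a DTD-processing parser (expat) reports them."""
    root = ET.fromstring(xml_bytes)
    return dict(root.find("Assertion").attrib)


def reject_doctype(xml_bytes):
    """Scan the document with expat and fail on any DOCTYPE."""
    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DoctypeRejected(f"DOCTYPE declared for <{name}>")

    scanner = xml.parsers.expat.ParserCreate()
    scanner.StartDoctypeDeclHandler = on_doctype
    scanner.Parse(xml_bytes, True)


def parse_saml_strict(xml_bytes):
    """Hypothetical entry point: refuse DOCTYPEs, then parse exactly once."""
    reject_doctype(xml_bytes)
    return ET.fromstring(xml_bytes)


if __name__ == "__main__":
    print(assertion_attributes(WITH_DTD))     # attribute supplied by the DTD
    print(assertion_attributes(WITHOUT_DTD))  # attribute written on the element
    try:
        parse_saml_strict(WITH_DTD)
    except DoctypeRejected as exc:
        print("rejected:", exc)
```

Signature verification and assertion extraction should both work from the single tree that `parse_saml_strict` returns, so no second parser gets a chance to read the message differently.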
Google Apps Script Access Exploit
- A researcher exploited Google Apps Script to access Google Forms linked to Sheets without editor permissions.
- This bypass revealed sensitive form URLs and earned significant bounties due to deep threat model understanding.