Critical Thinking - Bug Bounty Podcast

Episode 62: Frontend Language Oddities

Mar 14, 2024

Exploring HTML quirks and bug bounty journeys, discussing the Yelp Cookie Bridge Bug and unique CSS exfiltration techniques. Delving into community engagement, bypassing authorization checks, and innovative CSS data extraction methods.

58:43

Creator website

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Leveraging perspectives in CSS attacks for data exfiltration from websites, exploiting container queries for targeted leaks.

Exploring CSS container queries for precise element selection, proposing manipulation for data inference through CSS.

Amplifying CSS injection techniques with size-based element targeting for intelligent data extraction and manipulation.

Deep dives

Exploiting Perspective-Based CSS Techniques for Data Leakage

Leveraging the concept of perspectives in CSS attacks to exploit password-protected elements on websites, such as leaking data from container sizes to exfiltrate content step by step, leveraging info while also exploring container queries for targeting elements based on size for more precise data leaks.

Introduction

2min

Exploring Unconventional Features of HTML

15min

Navigating the Highs and Lows of Bug Hunting

4min

Evasion and Authorization Vulnerabilities in Web View Redirects

7min

Exploring a Lucrative Bug and Community Engagement

2min

Yelp Cookie Bridge Bug Exploitation and Cookie Bombing

14min

Exploring Innovative CSS Techniques for Data Exfiltration

15min

Episode 62: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel are back with some additional research resources that didn’t make the Portswigger Top-Ten, but that are worth looking at.

Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Resources:

Cool HTML Shit

https://twitter.com/jcubic/status/1764311080661082201

https://twitter.com/encodeart/status/1764218128374943764

Bug bounty Hunting Journeys

https://twitter.com/ajxchapman/status/1762101366057525521

https://monkehacks.beehiiv.com/p/monkehacks-02

Yelp Cookie Bridge Report

Deobfuscating/Unminifying Obfuscated Code

ChatGPT Source Watch

Web Security Research Reddit

Nahamsec Resources