Critical Thinking - Bug Bounty Podcast

Episode 59: Bug Bounty Gadget Hunting & Hacker's Intuition

Feb 22, 2024

Exploring gadgets for web pen testing and hacking intuition, discussing HTML injection, image injection, CRLF injection, and leaking window location. Emphasizing the importance of bug bounty programs, exploring open redirect vulnerabilities, client-side path traversal, and ID oracle. Delving into the risks of cache deception, local storage poisoning, and the utilization of 'gadgets' to escalate hacking impact.

01:39:09

Creator website

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Open redirects can lead to serious exploits beyond their initial impact.

Post message exploits are effective for leaking sensitive information.

Client-side open redirect has limited exploitation potential.

Manipulating user interaction functions can impact browser tab behavior.

Deep dives

Open Redirects: A Commonly Reported Bug with Limited Impact

Open redirects are often reported with limited impact, serving as a gateway to potential security threats. While they may not pose a high risk on their own, they can be leveraged for more serious exploits such as server-side request forgery (SSRF), OAuth path traversals, or client-side path traversals.

Introduction

2min

Exploring Gadgets for Web Pen Testing & Hacking Intuition

2min

Recent Updates and Enhancements in Software Tool

3min

Kaido Platform Updates and Workflow Efficiency with Protobuf

7min

Emerging JavaScript Plugin Development and Industry Boot Camp Program

4min

Exploring Bug Bounty Programs and Hacking Techniques

19min

Exploring Security Vulnerabilities and Importance of Reporting Impactful Bugs

2min

Exploring Open Redirect Vulnerabilities and Exploits in Web Development

19min

Exploration of Vulnerabilities in Bug Bounty Hunting

20min

10.

Exploring ID Oracles and Off Gadgets in Security Exploitation

6min

11.

Exploring Cache Deception and Local Storage Poisoning Vulnerabilities

16min

Episode 59: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss the concept of gadgets and how they can be used to escalate the impact of vulnerabilities. We talk through things like HTML injection, image injection, CRLF injection, web cache deception, leaking window location, self-stored XSS, and much more.

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Resources:

Even Better

NahamSec's 5 Week Program

NahamCon News

CSS Injection Research

Timestamps:

(00:00:00) Introduction

(00:03:31) Caido's New Features

(00:15:20) Nahamcon News and 5 week Bootcamp and pentest opportunity

(00:19:54) HTML Injection, CSS Injection, and Clickjacking

(00:33:11) Image Injection

(00:37:19) Open Redirects, Client-side path traversal, and Client-side Open Redirect