Critical Thinking - Bug Bounty Podcast
@ctbbpodcast
A 'by Hackers for Hackers' podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest exploitation techniques.
https://criticalthinkingpodcast.io 07-12-2022 15:54:57
WOW. Next level chaining by Johan Carlsson for a CSP Bypass in GitHub!
Drag and drop > Triggers HTML injection > Injects form > Triggers hash change > Triggers button click > Injects more > Triggers another click gadget > Triggers 2nd hash change > Triggers click to submit form.
In this episode of Critical Thinking - Bug Bounty Podcast, Johan Carlsson shares updates on his bug hunting journey, including a CSP bypass on GitHub and a critical finding in GitLab's pipeline. He also discusses his approach to using script gadgets. [MORE](youtube.com/watch?v=Env8L2…)
HackerNotes has dropped featuring last week's Critical Thinking - Bug Bounty Podcast episode with Johan Carlsson! Check it out for:
- CSP Bypasses
- Browser behaviour gadgets
- Critical bug writeups
- Full-time bug bounty tips
👇👇👇
blog.criticalthinkingpodcast.io/p/hackernotes-…
When the pod guest brings a path-based 307 semi-open redirect gadget that affects a large portion of the internet to share on the pod - you know you've found the one. 😍 Mathias Karlsson
example[.]com/cdn-cgi/image/onerror=redirect/http://hello[.]example[.]com
Another one of Mathias Karlsson's HTMX bugs from the pod. This one is an HTMX trigger attribute injection into an HTML element leading to XSS using a payload like this: <meta hx-trigger='x[1)}),alert(3);//]'>
Need a short domain for your XSS payload, but don't want to pay top dollar? Register a domain that can be written with alternate Unicode characters:
For example ㎉.℡ (3 chars) will be normalized to kcal.tel.
Cheat sheet: unicode.org/charts/normali…
#bugbountytips
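
The normalization described in the post above matters to anyone validating hostnames: a length limit or allowlist applied to the raw string sees something different from what the browser resolves. The following is an added example, not part of the original feed. It approximates the browser's hostname mapping with NFKC plus lowercasing (an assumption; browsers apply the fuller UTS #46 mapping), and `audit_host` and its fields are hypothetical names.

```python
import unicodedata

# Characters that change how a URL is parsed if they appear only after mapping.
DELIMITERS = "./@:?#\\"


def canonical_host(host: str) -> str:
    """Approximate the hostname mapping: compatibility-normalize, then lowercase."""
    return unicodedata.normalize("NFKC", host).lower()


def audit_host(host: str, max_len: int) -> dict:
    """Compare a raw hostname with its canonical form before trusting any check."""
    canon = canonical_host(host)
    # Delimiters that exist only in the canonical form (e.g. a fullwidth dot
    # becoming '.') mean the raw and canonical strings parse differently.
    new_delims = [c for c in DELIMITERS if canon.count(c) > host.count(c)]
    return {
        "canonical": canon,
        "raw_len": len(host),
        "canonical_len": len(canon),
        "changed": canon != host.lower(),
        "new_delimiters": new_delims,
        # Enforce the limit on the canonical form, never on the raw input.
        "within_limit": len(canon) <= max_len,
    }


if __name__ == "__main__":
    # Constructed sample inputs: the post's example, a plain ASCII host,
    # and a host that uses a fullwidth full stop (U+FF0E).
    for sample in ["\u3389.\u2121", "Example.COM", "a\uff0eb"]:
        print(repr(sample), audit_host(sample, max_len=5))
```

A validator built this way rejects or re-checks any host where `changed` is true or `new_delimiters` is non-empty, and runs its allowlist against `canonical` only.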