Bug Bounty Gadget Hunting & Hacker's Intuition (Ep. 59)

  • Published: 11 Jul 2024
  • Episode 59: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss the concept of gadgets and how they can be used to escalate the impact of vulnerabilities. We talk through things like HTML injection, image injection, CRLF injection, web cache deception, leaking window location, self-stored XSS, and much more.
    Follow us on twitter at: / ctbbpodcast
    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to / realytcracker for the awesome intro music!
    ====== Links ======
    Follow your hosts Rhynorater & Teknogeek on twitter:
    / 0xteknogeek
    / rhynorater
    ====== Ways to Support CTBBPodcast ======
    Sign up for caido.io/ using the referral code CTBBPODCAST for a 10% discount.
    Hop on the CTBB Discord at ctbb.show/discord!
    We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
    Resources:
    Even Better
    github.com/bebiksior/EvenBetter
    NahamSec's 5 Week Program
    / 1757082111100768277
    NahamCon News
    / 1757117371507216852
    CSS Injection Research
    portswigger.net/research/blin...
    Timestamps:
    (00:00:00) Introduction
    (00:03:31) Caido's New Features
    (00:15:20) Nahamcon News and 5 week Bootcamp and pentest opportunity
    (00:19:54) HTML Injection, CSS Injection, and Clickjacking
    (00:33:11) Image Injection
    (00:37:19) Open Redirects, Client-side path traversal, and Client-side Open Redirect
    (00:49:51) Leaking window.location.href
    (00:57:15) Cookie refresh gadget
    (01:01:40) Stored XSS
    (01:09:01) CRLF Injection
    (01:13:24) 'A Place To Stand' in GraphQL and ID Oracle
    (01:18:23) Auth gadgets, Web Cache Deception, & LocalStorage poisoning
    (01:27:46) Cookie Injection & Context Breaks
  • Science

Comments • 7

  • @alvarobalada6528
    @alvarobalada6528 4 months ago +3

    I love how this community is growing. Just a year ago I didn't know what to do with my life until I discovered bug bounty through your podcast. I am pleased to witness the growth of this community from the beginning.

    • @mahdou3608
      @mahdou3608 4 months ago +1

      Did you have any previous knowledge? Where are you now, did you find some bugs?

  • @MFoster392
    @MFoster392 4 months ago +3

    If the Pod opening music wasn't so sick I'd say it should be changed to the music from Inspector Gadget LMAO Great show again :)

  • @calvinstar356
    @calvinstar356 4 months ago +1

    Keep up the amazing content guys. I look forward to every new episode

  • @1a4s4l7
    @1a4s4l7 4 months ago +1

    At what point would you go from holding onto a 'gadget', e.g. an open redirect or an HTML injection issue, to simply reporting it (probably expecting a Low) if it can't be escalated on further testing?

    • @Rhyn0r4t3r
      @Rhyn0r4t3r 4 months ago

      Great question - as a long-term hunter - pretty much never unless it's an LHE and I think I need the extra money/rep to place in a different tier (top 10, top 5, top 3).

  • @monKeman495
    @monKeman495 4 months ago +1

    Where is PHP type confusion?