Research TLDRs & Smuggling Payloads in Well Known Data Types (Ep. 72)
HTML-код
- Опубликовано: 22 май 2024
- Episode 72: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss some hot research from the past couple months. This includes ways to smuggle payloads in phone numbers and IPv6 Addresses, the NextJS SSRF, the PDF.JS PoC drop, and a GitHub Enterprise Indirect Method Information bug. Also, we have an attack vector featured from Monke!
Follow us on twitter at: / ctbbpodcast
Shoutout to / realytcracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater & Teknogeek on twitter:
/ 0xteknogeek
/ rhynorater
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Resources:
PDF.JS Bypass to XSS
github.com/advisories/GHSA-wg...
codeanlabs.com/blog/research/...
PDFium
NextJS SSRF by AssetNote
Better Bounty Transparency for hackers
Slonser IPV6 Research
Smuggling payloads in phone numbers
Automatic Plugin SQLi
DomPurify Bypass
Bug Bounty JP Podcast
Github Enterprise send() bug
x.com/creastery/status/178732...
x.com/Rhynorater/status/17885...
Timestamps:
(00:00:09) Introduction
(00:03:20) PDF.JS XSS and NextJS SSRF
(00:12:52) Better Bounty Transparency
(00:20:01) IPV6 Research and Phone Number Payloads
(00:28:20) Community Highlight and Automatic Plugin CVE-2024-27956
(00:33:26) DomPurify Bypass and Github Enterprise send() bug
(00:46:12) Caido cookie and header extension updates Наука
Shout out to riddle
Can you put the link of the tweet of the IPv6 research? I didn't find the tweet by zseano as well. I did find the xss in the phone number fields
28:45 i feel like programs would argue that this isnt actually bug and group admin should be careful not to invite malicious people.