Episode 183: PortSwigger Research Impossible XSS SOLVED

Episode 183: PortSwigger Research Impossible XSS SOLVED

Episode 183: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Brandyn talk about looking at AI features like tech features, Using AI to leak private repos, and solving PortSwigger’s Unexploitable XSS labs


Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!



====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme


Critical Research Lab:

https://lab.ctbb.show/


Need a Pentest? We just launched CTBB Pentests!

https://pentest.ctbb.show/


Hack full time? Check out the Full-Time Hunter’s Guild!

https://ctbb.show/fthg


====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!


We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.


You can also find some hacker swag at https://ctbb.show/merch!


Today's Sponsor: Check out Zero Trust Network Access:

https://www.criticalthinkingpodcast.io/tl-ztna


====== This Week in Bug Bounty ======

How LLMs are changing Bug Bounty Interview series

https://www.yeswehack.com/fr/community/llms-bug-bounty-interview-aituglo

https://www.yeswehack.com/fr/community/llms-bug-bounty-interview-rhynorater


https://www.yeswehack.com/fr/community/llms-bug-bounty-interview-icare


====== Resources ======

$15k - CSPT to full account takeover, then 2FA bypass via the prototype chain

https://whoareme.com/blog/cspt-account-takeover-2fa-bypass/


Two Bypasses for Chrome’s Sanitizer API

https://slcyber.io/research-center/two-bypasses-for-chromes-sanitizer-api/


Documenting the impossible: Unexploitable XSS labs

https://portswigger.net/research/documenting-the-impossible-unexploitable-xss-labs


GitLost: How We Tricked GitHub’s AI Agent into Leaking Private Repos

https://noma.security/blog/gitlost-how-we-tricked-githubs-ai-agent-into-leaking-private-repos/


Chaining Razor SSTI into RCE via Reflection and Runtime Strings

https://phsi.se/posts/chaining-razor-ssti-into-rce-via-reflection-and-runtime-strings/


====== Timestamps ======

(00:00:00) Introduction

(00:06:07) AI Features Are Just Tech Features

(00:20:02) CSPT to full Account Takeover & Other Chains

(00:35:27) Sanitizer API for Chrome and Firefox

(00:46:57) Solving PortSwigger's Impossible Lab & GitLost

(01:01:19) SSTI into RCE via Reflection

Det här avsnittet är hämtat från ett öppet RSS-flöde och publiceras inte av Podme. Det kan innehålla reklam.

Avsnitt(183)

Episode 182: Partial Auth, Hackbot GraphQL, and AI's #1 Mission

Episode 182: Partial Auth, Hackbot GraphQL, and AI's #1 Mission

Episode 182: In this episode of Critical Thinking - Bug Bounty Podcast we talk about some recent bugs involving WPM, MCP, and a possible emerging bug class using Wayback. We also talk about some Graph...

9 Juli 39min

Episode 181: Bug Bounty Singularity

Episode 181: Bug Bounty Singularity

Episode 181: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and XSSDoctor talk about building a Hackbot.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestion...

2 Juli 52min

Episode 180: State of Bug Bounty Maturity Posture Report

Episode 180: State of Bug Bounty Maturity Posture Report

Episode 180: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Steve Hernandez, founder of the Bug Bounty Maturity Framework (BBMF), to walk us through the inaugural State of B...

25 Juni 1h 12min

Episode 179: Maintaining Motivation in Post-AI Bug Bounty World

Episode 179: Maintaining Motivation in Post-AI Bug Bounty World

Episode 179: In this episode of Critical Thinking - Bug Bounty Podcast we talk about how to stay motivated and keep the vibes strong during this trying time for Bug Bounty.Follow us on twitter at: htt...

18 Juni 46min

Episode 178: 600k in ~3 months - BruteCat pt 2

Episode 178: 600k in ~3 months - BruteCat pt 2

Episode 178: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with BruteCat to finish up our discussion on hacking Google. This week we hit AI.Follow us on twitter at: https://x.co...

11 Juni 1h 23min

Episode 177: 2x Google RCE with VRP Legend Brutecat

Episode 177: 2x Google RCE with VRP Legend Brutecat

Episode 177: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by BruteCat to talk about his journey hacking Google Cloud, Gmail, Youtube, and Google Phone.Follow us on twitter at...

4 Juni 1h 25min

Episode 176: 600+ CVEs on Adobe AEM with Jim Green (GreenJam)

Episode 176: 600+ CVEs on Adobe AEM with Jim Green (GreenJam)

Episode 176: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by top Adobe hacker Jim Green to deep-dive AEM. We talk through Sling selectors, Permissions, and how to spot AEM Re...

28 Maj 1h 50min

Populärt inom Teknik

uppgang-och-fall
elbilsveckan
market-makers
natets-morka-sida
rss-elektrikerpodden
rss-technokratin
skogsforum-podcast
developers-mer-an-bara-kod
bli-saker-podden
rss-veckans-ai
rss-heja-framtiden
rss-uppgang-och-fall
rss-snacka-om-ai
har-vi-akt-till-mars-an
allt-du-behover-veta-om-ny-teknik
solcellskollens-podcast
rss-en-ai-till-kaffet
rss-inet-patch-notes
rss-hit-med-dina-lunchpengar
rss-milpodden