Episode 116: Auth Bypasses and Google VRP Writeups
Critical Thinking - Bug Bounty Podcast27 Mars 2025

Episode 116: Auth Bypasses and Google VRP Writeups

Episode 116: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives a quick rundown of Portswigger’s SAML Roulette writeup, as well as some Google VRP reports, and a Next.js middleware exploit.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor: ThreatLocker Cloud Control - https://www.threatlocker.com/platform/cloud-control

====== Resources ======

SAML roulette: the hacker always wins

https://portswigger.net/research/saml-roulette-the-hacker-always-wins

Loophole of getting Google Form associated with Google Spreadsheet with no editor/owner access

https://bughunters.google.com/reports/vrp/yBeFmSrJi

Loophole to see the editors of a Google Document with no granted access(owner/editor) with just the fileid (can be obtained from publicly shared links with 0 access)

https://bughunters.google.com/reports/vrp/7EhAw2hur

Cloud Tools for Eclipse - Chaining misconfigured OAuth callback redirection with open redirect vulnerability to leak Google OAuth Tokens with full GCP Permissions

https://bughunters.google.com/reports/vrp/F8GFYGv4g

Next.js, cache, and chains: the stale elixir

https://zhero-web-sec.github.io/research-and-things/nextjs-cache-and-chains-the-stale-elixir

Next.js and the corrupt middleware: the authorizing artifact

https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware

====== Timestamps ======

(00:00:00) Introduction

(00:02:59) SAML roulette

(00:13:08) Google bugs

(00:20:16) Next.js and the corrupt middleware

Avsnitt(166)

Episode 158: 10hr Marathon Hack-Along Recap + $300k Client-side Bugs

Episode 158: 10hr Marathon Hack-Along Recap + $300k Client-side Bugs

Episode 158: In this episode of Critical Thinking - Bug Bounty Podcast we talk about our personal takeaways from the CTBB Charity Hackalong, and then break down some InsertScript POCs, what a $55,000 ...

22 Jan 58min

Episode 157: Crushing Pwn2Own & H1 with Kernel Driver Exploits

Episode 157: Crushing Pwn2Own & H1 with Kernel Driver Exploits

Episode 157: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Hypr to talk about hacking Mediatek and his experiences with HackerOne and Pwn2Own Ecosystems.Follow us on twitte...

15 Jan 1h 34min

Episode 156: Chill AMA from bugbounty.forum

Episode 156: Chill AMA from bugbounty.forum

Episode 156: In this episode of Critical Thinking - Bug Bounty Podcast we answer some fantastic questions from over at bugbounty.forumFollow us on twitter at: https://x.com/ctbbpodcastGot any ideas an...

8 Jan 1h 23min

Episode 155: 2025 Hacker Stats & 2026 Goals

Episode 155: 2025 Hacker Stats & 2026 Goals

Episode 155: In this episode of Critical Thinking - Bug Bounty Podcast Justin, Joseph, and Brandyn reflect on last year of Bug Bounty, and list their goals and predictions for what 2026 holds.Follow u...

1 Jan 1h 32min

Episode 154: Starting a Pentesting Company on Top of Bug Bounty

Episode 154: Starting a Pentesting Company on Top of Bug Bounty

Episode 154: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and Brandyn talk through the transition from Bug Bounty hunting to Pentesting. We cover diversifying income streams, the c...

25 Dec 202541min

Episode 153: Hacking the Robots of the Future: Hardware, AI, and Bug Bounties with Matt Brown

Episode 153: Hacking the Robots of the Future: Hardware, AI, and Bug Bounties with Matt Brown

Episode 153: In this episode of Critical Thinking - Bug Bounty Podcast Matt Brown returns to talk with us about hacking robots, IOT hackbots, and his Zero-to-Hero Hardware Hacking Guide.Follow us on t...

18 Dec 20251h 16min

Episode 152: GeminiJack and Agentic Security with Sasi Levi

Episode 152: GeminiJack and Agentic Security with Sasi Levi

Episode 152: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Sasi Levi from Noma Security to talk about AI and Agentic Security. We also talk about ForcedLeak, a Google Verte...

11 Dec 20251h 21min

Episode 151: Client-side Advanced Topics

Episode 151: Client-side Advanced Topics

Episode 151: In this episode of Critical Thinking - Bug Bounty Podcast we’re covering Client-side advanced topics. Justin talks Joseph (and us) through Third-Party Cookie Nuances, Iframe Tricks, URL P...

4 Dec 20251h 7min

Populärt inom Teknik

uppgang-och-fall
elbilsveckan
market-makers
rss-elektrikerpodden
skogsforum-podcast
rss-laddstationen-med-elbilen-i-sverige
natets-morka-sida
gubbar-som-tjotar-om-bilar
har-vi-akt-till-mars-an
bilar-med-sladd
rss-technokratin
rss-it-sakerhetspodden
rss-veckans-ai
ai-sweden-podcast
bli-saker-podden
rss-uppgang-och-fall
developers-mer-an-bara-kod
rss-snacka-om-ai
rss-ai-med-katarina-gospic-och-viggo-cavling
rss-fabriken-2