Episode 128: New Research in Blind SSRF and Self-XSS, and How to Architect Source-code Review AI Bots

Episode 128: In this episode of Critical Thinking - Bug Bounty Podcast we're talking Blind SSRF and Self-XSS, as well as reversing massive minified JS with AI and a wild Google Logo Ligature Bug.

Follow us on Twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today's Sponsor: ThreatLocker - Patch Management

====== This Week in Bug Bounty ======

BitK's "Payload plz" challenge at LeHack

====== Resources ======

Make Self-XSS Great Again

Novel SSRF Technique Involving HTTP Redirect Loops

Surf - Escalate your SSRF vulnerabilities on Modern Cloud Environments

Gecko: Intent to prototype: Framebusting Intervention

Conducting smarter intelligences than me: new orchestras

Mandark

Lumentis

jscollab

Google Logo Ligature Bug

====== Timestamps ======

(00:00:00) Introduction

(00:03:55) Self-XSS and credentialless iframe

(00:16:50) Novel SSRF Technique Involving HTTP Redirect Loops

(00:25:02) Framebusting

(00:29:13) Reversing massive minified JS with AI

(00:53:12) Google Logo Ligature Bug
