Sign up to get updates from us
Used a "?" before "@" to terminate an OAuth flow redirect URI, control the redirect location, and leak the oauth code.
Sam Curry explains how he found a bug in a video game where he could set the price of a $500 in-game package to a penny.
How Sam Curry gained access to someone else's Tesla via an integer parsing bug!
Sam Curry shares how he hacked a casino slot machine to generate an unlimited balance.
Just one of his many crazy stories from last week!
Episode 66: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss the recent YesWeHack Louis Vuitton LHE, the importance of failure as growth in bug bounty, and Justin shares his research on CDN CGI. Follow us on twitter at: https://twitter.com/ctbbpodcast We're new to this podcasting…
Got paid 150% of what a bug normally gets paid just by adding more visual impact through answering these 3 questions: 1. How would the payload be distributed? 2. How it would be exploited once the user clicks on the link etc? 3. How could it be wormed?
DOM Purify Type Confusion by @slonser_ How? 1. DOM Purify converts XML tags to HTML comment tags 2. Leaving the closing bracket empty, escapes to an HTML context allowing for onerror="alert(1)" and other fun stuff!
If you do these two things well and with any kind of volume or repetition, you should be finding things!
Episode 65: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with Sam Curry to discuss the ethical considerations and effectiveness of hacking, the importance of good intent, and the enjoyment Sam derives from pushing the boundaries to find bugs. He shares stories of his experiences,…
Exploiting HTTP request verb confusion via the __RequestVerb header to leak .NET remoting URLs.
Jason explains how he built his self proclaimed best ever tool - SecGPT.
Episode 64: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Justin and Joel delve into .NET remoting and how it can be exploited, a recent bypass in the Dom Purify library and some interesting functionality in the Cloudflare CDN-CGI endpoint. They also touch on the…
Jason explains how he used a few simple tools to find 12 apex domains that no other hunters knew about!
Signing up to developer programs, creating bank accounts and joining reseller programs, are awesome ways to gain additional app functionality that most people can't be bothered to go through!
Jason Haddix explains why webhooks and integrations are a great starting place to look for bugs.
Recently smuggled some sensitive data via CSS injection and sequential import chaining!
Episode 63: In this episode of Critical Thinking - Bug Bounty Podcast we welcome back Jason Haddix (From Episode 12) to talk about some updates to his The Bug Hunter's Methodology, as well as his own personal life and hacking journey. We talk about the start of his new company,…
This exploit is da bomb: Exploiting cookie bombing for session hijacking!
Discovered an iFrame hijack using window.open and two iframes that allowed me to do some fun postMessage stuff.
JR0ch17 accidentally discovered a bug in an OAuth flow where sending constant requests to the token refresh endpoint without a refresh token or authentication, could grant an access token during another user's login process!
lollll JR0ch17 ruins a guy's day when a year old blind XSS payload finally pops... via a complaint sent to an internal email system about JR0ch17's behaviour.
This one deserves a golf clap for sure.
Episode 62: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel are back with some additional research resources that didn’t make the Portswigger Top-Ten, but that are worth looking at. Follow us on twitter at: https://twitter.com/ctbbpodcast Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout…
