Sign up to save your podcasts
Or
Share Episode 160: Cloudflare Zero-days & Mail Unsubscribing for XSS
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 160: Cloudflare Zero-days & Mail Unsubscribing for XSS
Episode 160: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and Brandyn. Chat through some news, Including a Cloudflare Zero-day, Turning List-Unsubscribe into an SSRF/XSS Gadget, & Magic String Denial of Service in Claude.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Sponsor: Adobe.
Use code CTBB040126, and get a 10% bonus on your bounty for any AI vulnerability which is mapped to the OWASP LLM top 10.
Valid on Adobe Acrobat Web - AI Assistant / PDF Spaces / Content Creation and presentation features using Express
Adobe Express AI Assistant.
Valid through April 1st, 2026
Also we have a Google Cloud VRP Swag Bonus! Mention the podcast in any rewarded (cash or credit) VRP report submission before the end of April to receive bonus swag!
====== Resources ======
Cloudflare Zero-day
https://fearsoff.org/research/cloudflare-acme
Turning List-Unsubscribe into an SSRF/XSS Gadget
https://security.lauritz-holtmann.de/post/xss-ssrf-list-unsubscribe/
Breaking Multi-Tenant Isolation in Heroku Postgres
https://allistair.sh/blog/breaking-heroku-postgres/
Parse and Parse: MIME Validation Bypass to XSS via Parser Differential
https://lab.ctbb.show/research/parse-and-parse-mime-validation-bypass-to-xss-via-parser-differential
Claude Magic String Denial of Service
https://x.com/Frichette_n/status/2013988503336415522
From WebView to Remote Code Injection
https://djini.ai/from-webview-to-remote-code-injection/
DOM XSS Is Not Dead: The Rise of Polyglot Payloads
https://blogs.jsmon.sh/dom-xss-is-not-dead-the-rise-of-polyglot-payloads/
====== Timestamps ======
(00:00:00) Introduction
(00:06:17) Cloudflare Zero-day & Turning List-Unsubscribe into an SSRF/XSS Gadget
(00:16:57) Breaking Multi-Tenant Isolation in Heroku Postgres & CTBB Research
(00:25:46) Claude Magic String Denial of Service & From WebView to Remote Code Injection
View all episodes
By Justin Gardner (Rhynorater), Joseph Thacker (Rez0), & Brandyn Murtagh (gr3pme)
5
5353 ratings
Episode 160: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and Brandyn. Chat through some news, Including a Cloudflare Zero-day, Turning List-Unsubscribe into an SSRF/XSS Gadget, & Magic String Denial of Service in Claude.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Sponsor: Adobe.
Use code CTBB040126, and get a 10% bonus on your bounty for any AI vulnerability which is mapped to the OWASP LLM top 10.
Valid on Adobe Acrobat Web - AI Assistant / PDF Spaces / Content Creation and presentation features using Express
Adobe Express AI Assistant.
Valid through April 1st, 2026
Also we have a Google Cloud VRP Swag Bonus! Mention the podcast in any rewarded (cash or credit) VRP report submission before the end of April to receive bonus swag!
====== Resources ======
Cloudflare Zero-day
https://fearsoff.org/research/cloudflare-acme
Turning List-Unsubscribe into an SSRF/XSS Gadget
https://security.lauritz-holtmann.de/post/xss-ssrf-list-unsubscribe/
Breaking Multi-Tenant Isolation in Heroku Postgres
https://allistair.sh/blog/breaking-heroku-postgres/
Parse and Parse: MIME Validation Bypass to XSS via Parser Differential
https://lab.ctbb.show/research/parse-and-parse-mime-validation-bypass-to-xss-via-parser-differential
Claude Magic String Denial of Service
https://x.com/Frichette_n/status/2013988503336415522
From WebView to Remote Code Injection
https://djini.ai/from-webview-to-remote-code-injection/
DOM XSS Is Not Dead: The Rise of Polyglot Payloads
https://blogs.jsmon.sh/dom-xss-is-not-dead-the-rise-of-polyglot-payloads/
====== Timestamps ======
(00:00:00) Introduction
(00:06:17) Cloudflare Zero-day & Turning List-Unsubscribe into an SSRF/XSS Gadget
(00:16:57) Breaking Multi-Tenant Isolation in Heroku Postgres & CTBB Research
(00:25:46) Claude Magic String Denial of Service & From WebView to Remote Code Injection
More shows like Critical Thinking - Bug Bounty Podcast
View all
Radiolab
43,837 Listeners
StarTalk Radio
14,353 Listeners
Hacked
187 Listeners
Security Now (Audio)
2,011 Listeners
The Vergecast
3,722 Listeners
Risky Business
371 Listeners
CyberWire Daily
1,028 Listeners
Click Here
418 Listeners
Darknet Diaries
8,077 Listeners
The Indicator from Planet Money
9,556 Listeners
The Jordan Harbinger Show
12,004 Listeners
Cybersecurity Today
175 Listeners
My First Million
2,660 Listeners
Cybersecurity Headlines
139 Listeners
The Ezra Klein Show
16,525 Listeners