Episode 163: In this episode of Critical Thinking - Bug Bounty Podcast It’s that time of year again! We’re looking at the Portswigger Research list of top 10 web hacking techniques of 2025.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X: 

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme

Critical Research Lab:

https://lab.ctbb.show/ 

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

====== Resources ======

Parser Differentials: When Interpretation Becomes a Vulnerability

https://www.youtube.com/watch?v=Dq_KVLXzxH8

XSS-Leak: Leaking Cross-Origin Redirects

https://blog.babelo.xyz/posts/cross-site-subdomain-leak/

Playing with HTTP/2 CONNECT

https://blog.flomb.net/posts/http2connect/

Next.js, cache, and chains: the stale elixir

https://zhero-web-sec.github.io/research-and-things/nextjs-cache-and-chains-the-stale-elixir

SOAPwn: Pwning .NET Framework Apps Through HTTP Client Proxies And WSDL

https://watchtowr.com/wp-content/uploads/SOAPwnwatchtowr_soappwn-research-whitepaper_10-12-2025.pdf

Cross-Site ETag Length Leak

https://blog.arkark.dev/2025/12/26/etag-length-leak

Lost in Translation: Exploiting Unicode Normalization

https://www.youtube.com/watch?v=ETB2w-f3pM4

ORM Leaking More Than You Joined For

https://www.elttam.com/blog/leaking-more-than-you-joined-for/

Novel SSRF Technique Involving HTTP Redirect Loops

https://slcyber.io/research-center/novel-ssrf-technique-involving-http-redirect-loops/

Successful Errors: New Code Injection and SSTI Techniques

https://github.com/vladko312/Research_Successful_Errors

====== Timestamps ======

(00:00:00) Introduction

(00:02:33) Parser Differentials: When Interpretation Becomes a Vulnerability

(00:11:02) XSS-Leak: Leaking Cross-Origin Redirects

(00:18:25) Playing with HTTP/2 CONNECT

(00:22:10) Next.js, cache, and chains: the stale elixir

(00:29:15) SOAPwn: Pwning .NET Framework Apps Through HTTP Client Proxies And WSDL

(00:34:27) Cross-Site ETag Length Leak

(00:41:47) Lost in Translation: Exploiting Unicode Normalization

(00:47:27) ORM Leaking More Than You Joined For

(00:54:07) Novel SSRF Technique Involving HTTP Redirect Loops

(00:58:40) Successful Errors: New Code Injection and SSTI Techniques