Sign up to save your podcasts
Or
Share Episode 171: Path-Scoped Cookie Hacks with Uppercase & Post-based Raw Protobuf XSS
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 171: Path-Scoped Cookie Hacks with Uppercase & Post-based Raw Protobuf XSS
Episode 171: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives us some quick tips from his own hacking, including some clickjacking, using capital letters, and the potential value of leaking ages
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: Check out ThreatLocker Ringfencing
https://www.criticalthinkingpodcast.io/tl-rf
====== Resources ======
The ultimate Bug Bounty guide to OS command injection vulnerabilities
https://www.yeswehack.com/learn-bug-bounty/ultimate-guide-os-command-injection?utm_source=critical-thinking-podcast&utm_medium=youtube&utm_campaign=article-os-command-injection
Critical auth bypass in WordPress Azure AD SSO plugin due to missing OIDC id_token validation
https://www.yeswehack.com/news/auth-bypass-wordpress-azure-plugin?utm_source=critical-thinking-podcast&utm_medium=youtube&utm_campaign=article-wordpress-bypass-plugin
Aituglo featured on YWH
https://www.yeswehack.com/community/developer-aituglo-bug-bounty-story
Adobe will be sponsoring Ekoparty in Miami and hosting a live hacking event on May 21st
https://ekoparty.org/ekoparty-miami-2026-super-live-hacking-event/
====== Resources ======
SVG clickjacking
https://lyra.horse/blog/2025/12/svg-clickjacking/
====== Timestamps ======
(00:00:00) Introduction
(00:06:35) Protobuff XSS
(00:12:51) Leaking Age & CSPTs
(00:15:59) Capital Letters and Clickjacking
View all episodes
By Justin Gardner (Rhynorater), Joseph Thacker (Rez0), & Brandyn Murtagh (gr3pme)
5
5353 ratings
Episode 171: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives us some quick tips from his own hacking, including some clickjacking, using capital letters, and the potential value of leaking ages
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: Check out ThreatLocker Ringfencing
https://www.criticalthinkingpodcast.io/tl-rf
====== Resources ======
The ultimate Bug Bounty guide to OS command injection vulnerabilities
https://www.yeswehack.com/learn-bug-bounty/ultimate-guide-os-command-injection?utm_source=critical-thinking-podcast&utm_medium=youtube&utm_campaign=article-os-command-injection
Critical auth bypass in WordPress Azure AD SSO plugin due to missing OIDC id_token validation
https://www.yeswehack.com/news/auth-bypass-wordpress-azure-plugin?utm_source=critical-thinking-podcast&utm_medium=youtube&utm_campaign=article-wordpress-bypass-plugin
Aituglo featured on YWH
https://www.yeswehack.com/community/developer-aituglo-bug-bounty-story
Adobe will be sponsoring Ekoparty in Miami and hosting a live hacking event on May 21st
https://ekoparty.org/ekoparty-miami-2026-super-live-hacking-event/
====== Resources ======
SVG clickjacking
https://lyra.horse/blog/2025/12/svg-clickjacking/
====== Timestamps ======
(00:00:00) Introduction
(00:06:35) Protobuff XSS
(00:12:51) Leaking Age & CSPTs
(00:15:59) Capital Letters and Clickjacking
More shows like Critical Thinking - Bug Bounty Podcast
View all
Radiolab
43,837 Listeners
StarTalk Radio
14,353 Listeners
Hacked
187 Listeners
Security Now (Audio)
2,011 Listeners
The Vergecast
3,722 Listeners
Risky Business
371 Listeners
CyberWire Daily
1,028 Listeners
Click Here
418 Listeners
Darknet Diaries
8,077 Listeners
The Indicator from Planet Money
9,556 Listeners
The Jordan Harbinger Show
12,004 Listeners
Cybersecurity Today
175 Listeners
My First Million
2,660 Listeners
Cybersecurity Headlines
139 Listeners
The Ezra Klein Show
16,525 Listeners