In this episode of Critical Thinking - Bug Bounty Podcast, we're back with Joel, fresh (haha) off of back-to-back live hack events in London and Seoul. We start with his recap of the events, and the different vibes of each LHE, then we dive into the technical thick of it, and talk web browsers, XSS vectors, new tools, CVSS 4, and much more than we can fit in this character limit. Just trust us when we say you don’t want to miss it!

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: [email protected]

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

______

Episode 26 links:

https://linke.to/Episode26Notes

______

Timestamps:

(00:00:00) Introduction

(00:04:10) LHE Vibes

(00:07:45) "Hunting for NGINX alias traversals in the wild"

(00:12:30) Various payouts in bug bounty programs

(00:16:05) New XSS vectors and popovers

(00:24:15) The "magical math element" in Firefox

(00:27:15) LiveOverflow's research on HTML parsing quirks

(00:32:10) Mr. Tux Racer, Woocommerce, and WordPress

(00:40:00) Changes in the CVSS 4 draft spec

(00:45:00) TomNomNom's new tool Jsluise

(00:51:15) JavaScript's import function

(00:55:30) Gareth Hayes' book "JavaScript for Hackers"

(01:02:24) Injecting JavaScript variables

(01:09:15) Prototype pollution

(01:13:15) DOM clobbering

(01:18:10) Exploiting HTML injection using meta and base tags

(01:25:00) CSS Games

(01:28:00) Base tags