Episode 27: In this episode of Critical Thinking - Bug Bounty Podcast, we've switched places and now Joel is home while Justin is on the move. We break down seven esoteric web vulnerabilities, and talk Cookies, Config File Injections, Client-side path traversals and more. We also briefly discuss appliance hacking, new tools, and shout out some new talent in the hacking space. Don't miss this episode full of cool vulns, and experience Justin's vocal decline in real time.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: [email protected]

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Encrypted Doesn't Mean Authenticated:

https://blog.assetnote.io/2023/07/04/citrix-sharefile-rce/

Tweet about headless chrome browser

https://twitter.com/bhavukjain1/status/1678719047209484288?t=NWnZvwHTRMyH_lVC-uXe0g&s=19

Shout out to new talent within the hacking space

https://twitter.com/haxrob

https://twitter.com/atc1441

Tweet about hacking Google Search Appliance

https://twitter.com/orange_8361/status/1677378401957724160

Bitquark releases shortscan

https://twitter.com/bitquark/status/1677647450989838338

Hacking Starbucks

https://samcurry.net/hacking-starbucks/

Justin's CookieJar Tool

https://apps.rhynorater.dev/checkCookieJarOverflow.html

HackTricks

https://book.hacktricks.xyz/pentesting-web/hacking-with-cookies/cookie-jar-overflow

XSLeak

https://xsleaks.dev

Timestamps:

(00:00:00) Introduction

(00:04:00) Assetnote on ShareFile RCE

(00:13:05) Headless Browsers

(00:17:00) Hacker Content Creators

(00:22:51) Appliance Hacking

(00:30:31) Shortscan Release

(Start of main content)

(00:35:39) Config File Injection

(00:44:00) Client-side Path Traversal

(00:51:33) Cookie Bombing

(00:58:00) Cookie Jar Overflow

(01:03:50) XSLeak

(01:10:49) UNC Path Injection

(01:15:50) Impactful Link Hijack