Episode 88: News, Tools, and Writeups

Critical Thinking - Bug Bounty Podcast - A podcast by Justin Gardner (Rhynorater) & Joel Margolis (teknogeek) - Thursdays

Categories:

Episode 88: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel tackle a whole slate of new research including a new cheat sheet for URL validation bypass from Portswigger, the introduction of Sanic DNS as a high-speed DNS resolver, xsstools, and the Dockerization of Orange Confusion Attacks. Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!------ Links ------Find the Hackernotes: https://blog.criticalthinkingpodcast.io/ Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Shop our new swag store at ctbb.show/swagResourcesURL Validation Bypass cheat sheetSanicDNSOrange Confusion AttacksWordPress GiveWP POP to RCEXsstoolsBypassing browser tracking protectionAdvanced iframe MagicDOM Clobberinghttps://www.ruhrsec.de/downloads/slides/Everything-You-Wanted-to-Know-About-DOM-Clobbering-But-Were-Afraid-to-Ask-Soheil-Khodayari-RuhrSec.pdfAndhttps://domclob.xyz/domc_payload_generator/Timestamps:(00:00:00) Introduction(00:02:00) URL validation bypass(00:07:41) SanicDNS and Orange confusion attacks(00:20:06) WordPress GiveWP POP to RCE(00:31:29) Xsstools(00:43:56) Bypassing browser tracking protection(00:52:06) DOM Clobbering and mixing up your approach