Description
<p>Episode 113: In this episode of Critical Thinking - Bug Bounty Podcast we’re breaking down the PortSwigger Top 10 from 2024. There’s some bangers in here!</p>
<p>Follow us on X at: <a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/ctbbpodcast">https://x.com/ctbbpodcast</a></p>
<p>Got any ideas and suggestions? Feel free to send us any feedback here: <a target="_blank" rel="noopener noreferrer nofollow" href="mailto:info@criticalthinkingpodcast.io">info@criticalthinkingpodcast.io</a></p>
<p>Shoutout to <a target="_blank" rel="noopener noreferrer nofollow" href="https://twitter.com/realytcracker">YTCracker</a> for the awesome intro music!</p>
<p><strong>====== Links ======</strong></p>
<p>Follow your hosts <a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/Rhynorater">Rhynorater</a> and <a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/rez0__">Rez0</a> on X.</p>
<p><strong>====== Ways to Support CTBBPodcast ======</strong></p>
<p>Hop on the <a target="_blank" rel="noopener noreferrer nofollow" href="https://ctbb.show/discord">CTBB Discord</a>!</p>
<p>We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.</p>
<p>You can also find some <a target="_blank" rel="noopener noreferrer nofollow" href="https://ctbb.show/merch">hacker swag</a>!</p>
<p><strong>====== Resources ======</strong></p>
<p><a target="_blank" rel="noopener noreferrer nofollow" href="https://snyk.io/articles/hijacking-oauth-flows-via-cookie-tossing/">Hijacking OAuth flows via Cookie Tossing</a></p>
<p><a target="_blank" rel="noopener noreferrer nofollow" href="https://nokline.github.io/bugbounty/2024/02/04/ChatGPT-ATO.html">ChatGPT Account Takeover - Wildcard Web Cache Deception</a></p>
<p><a target="_blank" rel="noopener noreferrer nofollow" href="https://blog.voorivex.team/oauth-non-happy-path-to-ato">OAuth Non-Happy Path to ATO</a></p>
<p><a target="_blank" rel="noopener noreferrer nofollow" href="https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/">CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js</a></p>
<p><a target="_blank" rel="noopener noreferrer nofollow" href="https://www.paulosyibelo.com/2024/12/doubleclickjacking-what.html">DoubleClickjacking: A New Era of UI Redressing</a></p>
<p><a target="_blank" rel="noopener noreferrer nofollow" href="https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/">WorstFit: Unveiling Hidden Transformers in Windows ANSI</a></p>
<p><a target="_blank" rel="noopener noreferrer nofollow" href="https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn%27t%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf">SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level</a></p>
<p><a target="_blank" rel="noopener noreferrer nofollow" href="https://blog.orange.tw/posts/2024-08-confusion-attacks-en/">Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server</a></p>
<p><a target="_blank" rel="noopener noreferrer nofollow" href="https://labs.detectify.com/ethical-hacking/middleware-middleware-everywhere-and-lots-of-misconfigurations-to-fix/">Middleware, middleware everywhere – and lots of misconfigurations to fix</a></p>
<p><strong>====== Timestamps ======</strong></p>
<p>(00:00:00) Introduction</p>
<p>(00:09:56) Hijacking OAuth flows via Cookie Tossing</p>
<p>(00:17:30) ChatGPT Account Takeover</p>
<p>(00:25:28) OAuth Non-Happy Path to ATO</p>
<p>(00:29:24) CVE-2024-4367</p>
<p>(00:37:37) DoubleClickjacking</p>
<p>(00:44:54) Exploring the DOMPurify library</p>
<p>(00:48:01) WorstFit</p>
<p>(00:56:29) Unveiling TE.0 HTTP Request Smuggling</p>
<p>(01:06:40) SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level</p>
<p>(01:14:05) Confusion Attacks</p>