Episode 160: In this episode of Critical Thinking - Bug Bounty Podcast, Joseph and Brandyn chat through some news, including a Cloudflare Zero-day, Turning List-Unsubscribe into an SSRF/XSS Gadget, & Magic String Denial of Service in Claude.

Follow us on Twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme

Critical Research Lab:
https://lab.ctbb.show/

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor: Adobe.
Use code CTBB040126, and get a 10% bonus on your bounty for any AI vulnerability which is mapped to the OWASP LLM top 10.
Valid on:
Adobe Acrobat Web - AI Assistant / PDF Spaces / Content Creation and presentation features using Express
Adobe Express AI Assistant.
Valid through April 1st, 2026.

Also, we have a Google Cloud VRP Swag Bonus! Mention the podcast in any rewarded (cash or credit) VRP report submission before the end of April to receive bonus swag!

====== Resources ======

Cloudflare Zero-day
https://fearsoff.org/research/cloudflare-acme

Turning List-Unsubscribe into an SSRF/XSS Gadget
https://security.lauritz-holtmann.de/post/xss-ssrf-list-unsubscribe/

Breaking Multi-Tenant Isolation in Heroku Postgres
https://allistair.sh/blog/breaking-heroku-postgres/

Parse and Parse: MIME Validation Bypass to XSS via Parser Differential
https://lab.ctbb.show/research/parse-and-parse-mime-validation-bypass-to-xss-via-parser-differential

Claude Magic String Denial of Service
https://x.com/Frichette_n/status/2013988503336415522

From WebView to Remote Code Injection
https://djini.ai/from-webview-to-remote-code-injection/

DOM XSS Is Not Dead: The Rise of Polyglot Payloads
https://blogs.jsmon.sh/dom-xss-is-not-dead-the-rise-of-polyglot-payloads/

====== Timestamps ======

(00:00:00) Introduction
(00:06:17) Cloudflare Zero-day & Turning List-Unsubscribe into an SSRF/XSS Gadget
(00:16:57) Breaking Multi-Tenant Isolation in Heroku Postgres & CTBB Research
(00:25:46) Claude Magic String Denial of Service & From WebView to Remote Code Injection