Episode 163: In this episode of Critical Thinking - Bug Bounty Podcast It’s that time of year again! We’re looking at the Portswigger Research list of top 10 web hacking techniques of 2025.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== Resources ======Parser Differentials: When Interpretation Becomes a Vulnerabilityhttps://www.youtube.com/watch?v=Dq_KVLXzxH8XSS-Leak: Leaking Cross-Origin Redirectshttps://blog.babelo.xyz/posts/cross-site-subdomain-leak/Playing with HTTP/2 CONNECThttps://blog.flomb.net/posts/http2connect/Next.js, cache, and chains: the stale elixirhttps://zhero-web-sec.github.io/research-and-things/nextjs-cache-and-chains-the-stale-elixirSOAPwn: Pwning .NET Framework Apps Through HTTP Client Proxies And WSDLhttps://watchtowr.com/wp-content/uploads/SOAPwnwatchtowr_soappwn-research-whitepaper_10-12-2025.pdfCross-Site ETag Length Leakhttps://blog.arkark.dev/2025/12/26/etag-length-leakLost in Translation: Exploiting Unicode Normalizationhttps://www.youtube.com/watch?v=ETB2w-f3pM4ORM Leaking More Than You Joined Forhttps://www.elttam.com/blog/leaking-more-than-you-joined-for/Novel SSRF Technique Involving HTTP Redirect Loopshttps://slcyber.io/research-center/novel-ssrf-technique-involving-http-redirect-loops/Successful Errors: New Code Injection and SSTI Techniqueshttps://github.com/vladko312/Research_Successful_Errors====== Timestamps ======(00:00:00) Introduction(00:02:33) Parser Differentials: When Interpretation Becomes a Vulnerability(00:11:02) XSS-Leak: Leaking Cross-Origin Redirects(00:18:25) Playing with HTTP/2 CONNECT(00:22:10) Next.js, cache, and chains: the stale elixir(00:29:15) SOAPwn: Pwning .NET Framework Apps Through HTTP Client Proxies And WSDL(00:34:27) Cross-Site ETag Length Leak(00:41:47) Lost in Translation: Exploiting Unicode Normalization(00:47:27) ORM Leaking More Than You Joined For(00:54:07) Novel SSRF Technique Involving HTTP Redirect Loops(00:58:40) Successful Errors: New Code Injection and SSTI Techniques