Episode 90: In this episode of Critical Thinking - Bug Bounty Podcast, Joel and Justin recap some of their recent hacking ups and downs and have a lively chat about Cursor. Then they cover some research about SQL Injections, Clickjacking in Google Docs, and how to steal your Telegram account in 10 seconds.
Follow us on twitter at: https://twitter.com/ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to https://twitter.com/realytcracker for the awesome intro music!
====== Links ======
Find the Hackernotes: https://blog.criticalthinkingpodcast.io/
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Today’s Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.io/tldfinder
Resources:
Breaking Down Barriers: Exploiting Pre-Auth SQL Injection in WhatsUp Gold
https://summoning.team/blog/progress-whatsup-gold-sqli-cve-2024-6670/
Content-Type that can be used for XSS
https://github.com/BlackFan/content-type-research/blob/master/XSS.md#content-type-that-can-be-used-for-xss
Clickjacking Bug in Google Docs
https://x.com/rebane2001/status/1836653696639271329?t=qK4Z6rT_bOjbG3FjdC7VtQ&s=19
Justin's Gadget Link
https://www.youtube.com/signin?next=https%3A%2F%2Faccounts.youtube.com%2Faccounts%2FSetSID%3Fcontinue%3Dhttps%3A%2F%2Fwww.google.com%252Famp%252fpoc.rhynorater.com
Stealing your Telegram account in 10 seconds flat
https://lyra.horse/blog/2024/05/stealing-your-telegram-account-in-10-seconds-flat/
Timestamps
(00:00:00) Introduction
(00:08:28) Recent Hacks and Dupes
(00:14:00) Cursor
(00:25:02) Exploiting Pre-Auth SQL Injection in WhatsUp Gold
(00:34:17) Content-Type that can be used for XSS
(00:40:25) Caido updates
(00:43:14) Clickjacking in Google Docs, and Stealing Telegram account