Episode 113: In this episode of Critical Thinking - Bug Bounty Podcast we’re breaking down the Portswigger Top 10 from 2024. There’s some bangers in here!
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to https://twitter.com/realytcracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
====== Resources ======
Portswigger Top 10 list
https://portswigger.net/research/top-10-web-hacking-techniques-of-2024
Hijacking OAUTH flows via Cookie Tossing
https://snyk.io/articles/hijacking-oauth-flows-via-cookie-tossing/
ChatGPT Account Takeover - Wildcard Web Cache Deception
https://nokline.github.io/bugbounty/2024/02/04/ChatGPT-ATO.html
OAuth Non-Happy Path to ATO
https://blog.voorivex.team/oauth-non-happy-path-to-ato
CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js
https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/
CT Episode 72
https://ctbb.show/72
DoubleClickjacking: A New Era of UI Redressing
https://www.paulosyibelo.com/2024/12/doubleclickjacking-what.html
CT Episode 111
https://ctbb.show/111
WorstFit: Unveiling Hidden Transformers in Windows ANSI
https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/
CT Episode 103
https://ctbb.show/103
SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level
https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn%27t%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf
Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server
https://blog.orange.tw/posts/2024-08-confusion-attacks-en/
Middleware, middleware everywhere – and lots of misconfigurations to fix
https://labs.detectify.com/ethical-hacking/middleware-middleware-everywhere-and-lots-of-misconfigurations-to-fix/
====== Timestamps ======
(00:00:00) Introduction
(00:09:56) 10. Hijacking OAuth flows via Cookie Tossing
(00:17:30) 9. ChatGPT Account Takeover - Wildcard Web Cache Deception
(00:25:28) 8. OAuth Non-Happy Path to ATO
(00:29:24) 7. CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js
(00:37:37) 6. DoubleClickjacking: A New Era of UI Redressing
(00:44:54) 5. Exploring the DOMPurify library: Bypasses and Fixes
(00:48:01) 4. WorstFit: Unveiling Hidden Transformers in Windows ANSI
(00:56:29) 3. Unveiling TE.0 HTTP Request Smuggling
(01:06:40) 2. SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level
(01:14:05) 1. Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server