Episode 88: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel tackle a whole slate of new research including a new cheat sheet for URL validation bypass from Portswigger, the introduction of Sanic DNS as a high-speed DNS resolver, xsstools, and the Dockerization of Orange Confusion Attacks.
Follow us on twitter at: https://twitter.com/ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to https://twitter.com/realytcracker for the awesome intro music!
====== Links ======
Find the Hackernotes: https://blog.criticalthinkingpodcast.io/
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Shop our new swag store at http://ctbb.show/swag
Resources:
URL Validation Bypass cheat sheet
https://x.com/PortSwiggerRes/status/1830981376318792132
SanicDNS
https://x.com/smiegles/status/1825461028664062089
Orange Confusion Attacks
https://x.com/har1sec/status/1827683325042987150
WordPress GiveWP POP to RCE
https://x.com/MrTuxracer/status/1828172466675687758
Xsstools
https://github.com/yeswehack/xsstools
Bypassing browser tracking protection
https://swarm.ptsecurity.com/bypassing-browser-tracking-protection-for-cors-misconfiguration-abuse/
Advanced iframe Magic
https://blog.huli.tw/2024/09/07/en/idek-ctf-2024-iframe/
DOM Clobbering
https://www.ruhrsec.de/downloads/slides/Everything-You-Wanted-to-Know-About-DOM-Clobbering-But-Were-Afraid-to-Ask-Soheil-Khodayari-RuhrSec.pdf
And
https://domclob.xyz/domc_payload_generator/
Timestamps:
(00:00:00) Introduction
(00:02:00) URL validation bypass
(00:07:41) SanicDNS and Orange confusion attacks
(00:20:06) WordPress GiveWP POP to RCE
(00:31:29) Xsstools
(00:43:56) Bypassing browser tracking protection
(00:52:06) DOM Clobbering and mixing up your approach
