Episode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots - podcast episode cover

Episode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots

Critical Thinking - Bug Bounty Podcast
Apr 10, 202558 minSeason 1Ep. 118
--:--
--:--
Listen in podcast apps:
Metacast
Spotify
Youtube
RSS

Episode description

Episode 118: In this episode of Critical Thinking - Bug Bounty Podcast we cover a host of news, including clientside tidbits, “Credentialless” iframes, prototype pollution, and what constitutes a polyglot in llms.txt.

Follow us on X

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow Rhynorater and Rez0 on X

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

You can also find some hacker swag!

====== Resources ======

p4fg passed 1 Million!

/reports/:id.json - $25K Crit

Hacking Crypto pt1

The art of payload obfuscation

Analyzing the Next.js Middleware Bypass

Nahamsec's Merch store

llms.txt polyglot prompt injection

React Router and the Remix’ed path

Pre-Authentication SQL Injection in Halo ITSM

Pwning Millions of Smart Weighing Machines

MCP Server Oauth

Cline

“Credentialless” iframes

Tiny XSS Payloads

Types of Pollution

====== Timestamps ======

(00:00:00) Introduction

(00:05:56) Next.js Middleware bypass & Polyglots in llms.txt

(00:16:35) CPDoS on React Router

(00:24:26) Loose Types Sink Ships & Pwning Smart Scales

(00:32:30) MCP Server Oauth & Cline

(00:39:40) Clientside Tidbits & Prototype Pollutions

For the best experience, listen in Metacast app for iOS or Android
Open in Metacast
Episode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots | Critical Thinking - Bug Bounty Podcast - Listen or read transcript on Metacast