Episode 119: Abusing Iframes from a client-side hacker

Critical Thinking - Bug Bounty Podcast

Apr 17, 2025•34 min•Season 1Ep. 119

--:--

Listen in podcast apps:

Listen to this episode in Metacast mobile app

Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

Episode 119: In this episode of Critical Thinking - Bug Bounty Podcast Justin does a mini deep dive into the world of iframes, starting with why they’re significant, their attributes, and how to attack them.

CORRECTION: Some of my comments on the latest episode of the pod were woefully inaccurate about the `csp` attribute of an iframe. Def should have read the spec more thoroughly. Please see the #corrections channel in Discord for the deets.

Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

====== Resources ======

Episode with JR0ch17

ctbb.show/61

Exacerbating Cross-Site Scripting: The Iframe Sandwich

https://coopergyoung.com/exacerbating-cross-site-scripting-the-iframe-sandwich/

====== Timestamps ======

(00:00:00) Introduction

(00:01:20) Why are Iframes useful

(00:05:11) Attributes of Iframes

(00:21:39) Iframe Attacks

(00:29:53) Iframe Fun Facts

For the best experience, listen in Metacast app for iOS or Android

Open in Metacast