- Critical Thinking - Bug Bounty Podcast
- Archive
- Page 2
Archive
[HackerNotes Ep. 72] Research TLDRs & Smuggling Payloads in Well Known Data Types
Justin and Joel discuss some hot research from the past couple months. This includes ways to smuggle payloads in phone numbers and IPv6 Addresses, the NextJS SSRF, the PDF.JS PoC drop, and a GitHub Enterprise Indirect Method Information bug. Also, we have an attack vector featured from Monke!
[HackerNotes Ep. 68]: 0-days & HTMX-SS with Mathias
Mathias is back with some fresh HTMX research, including CSP bypass using HTMX triggers, converting client-side response header injection to XSS, and bypassing HTMX disable. Some cool behaviour in Cloudflares image optimization functionality is also dropped to achieve partial open redirect.
[HackerNotes Ep. 67] VDPs & Accidental Program VS Hacker Debate Part 2
The guys deep-dive on the topic of Vulnerability Disclosure Programs (VDPs) and whether they are beneficial or not. We also touch on the topic of leaderboard accuracy, and some methods of bypassing endpoints which have been restricted by WAFs or reverse proxies.