[HackerNotes Ep. 124] Balancing Bug Bounty Freedom with Hacking Time

In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joseph cover some news from around the community, hitting on Joseph’s Anthropic safety testing, Justin’s guest appearance on For Crying Out Cloud, and several fascinating tweets. Then they have a quick Full-time Bug Bounty check-in.

Hacker TL;DR

  • eq, lt, gt: When testing Supabase APIs (or similar) that use UUIDs in queries (e.g., id=eq.[uuid]), try injecting gt and lt operators. The application might unexpectedly process these comparisons on non-numeric UUIDs, potentially leading to information disclosure or other vulnerabilities due to flawed backend logic.

  • Detecting Cross-Origin Iframe Interactions:

    • To detect when a user clicks or uses shortcuts within a cross-origin iframe, use navigator.userActivation.isActive. The clever part is the continuous detection method: when an interaction triggers isActive, immediately "consume" the activation by opening and closing a tiny off-screen popup (window.open().close()). This resets the flag, enabling detection of each subsequent interaction.

  • Clipjacking:

    • This UI redressing attack tricks a user into copying sensitive data from a hidden/overlaid target iframe. First, ensure the target site is iframeable (no strong X-Frame-Options or frame-ancestors CSP). Then, when the user performs an action on your page, believing they're copying something innocuous, they're actually copying data you've made selectable in the hidden target iframe. Your page can then use navigator.clipboard.readText() to steal this data.

  • Prompt Injection Tactics:

    • Faking Data Structure Endings: Manipulate an LLM by making it think a data structure has ended prematurely, then append your malicious commands as if they are new, legitimate instructions, using prompts like “additional instructions”.

    • Direct Tool Invocation: If you've managed to leak or discover the names of specific "tools" or functions an LLM agent can use, you can directly instruct the agent to use a particular tool with your malicious input, bypassing more general safety filters.

  • Exploiting <img>:

    • The <img> tag doesn't strictly require a src attribute to be processed by browsers if either the srcset attribute is present, or if the <img> tag is nested within a <picture> element that uses a <source srcset="..."> tag. This understanding can be useful for discovering edge cases in HTML sanitizers, WAF rules, or even XSS vectors where src attribute parsing is the main line of defense.

eq lt gt

For anyone hacking on AI apps, here’s a cool tip.

Supabase API calls typically use a format like /object?id=eq.[uuid], where object can be any table. Rez0 experimented with UUIDs, but Justin Rhinehart (@sshell_) recently discovered something interesting: you can also use gt (greater than) and lt (less than) filters on UUIDs.

That’s surprising - UUIDs aren’t numeric, yet the API doesn't block these comparisons. Super weird, but potentially useful. Nice find!

Detecting User Actions in Cross-Origin Iframes

Jorian (@J0R1AN) shared a slick method for spotting user interactions (clicks, shortcuts) within cross-origin iframes using navigator.userActivation.isActive.

  • The script continuously checks navigator.userActivation.isActive. This flag turns true if the user interacts with the page (even an iframe within it).

  • window.open().close() on a tiny, off-screen popup immediately resets the isActive state. Without this, you'd only detect the first interaction. This "consumes" the activation, making it ready to detect the next click or shortcut.

  • Observe Interaction: Know if users are engaging with embedded third-party content.

  • Research Angle: Could be relevant for UI redressing or clickjacking research, as it provides a signal of user action within potentially restricted frames.

This is a targeted technique for getting around cross-origin limitations for observational purposes. The activation consumption is the clever bit here.

Clipjacking is a UI redressing attack that steals data via the user's clipboard: clickjacking, but for copying. The user thinks they're copying harmless text, but an overlaid iframe causes them to copy sensitive data from a backgrounded target site.

  • Requires iframeable target: Site must lack X-Frame-Options or have a weak CSP frame-ancestors. This is the entry point.

  • Clipboard API Abuse: Attacker site uses navigator.clipboard.readText() (or similar) after a user action (e.g., button click) to grab data from the hidden iframe.

    • Flow: User click → JS copies from target iframe → JS exfiltrates.

    • Attacker overlays target site elements with their own UI.

    • User types sensitive data into what appears to be the attacker's form, but is actually the target site's form in the iframe.

    • User is then tricked into manually copying (Ctrl+C) this data.

  • Cookie Impact: For authenticated attacks, target site cookies need SameSite=None.

  • Lax or Strict mitigates this specific vector.

Steps:

  1. Find Embeddable Sites: Check X-Frame-Options/CSP.

  2. Identify Sensitive Data Entry/Display: Where can credentials, PII, API keys be selected or typed?

  3. Test Clipboard Control: Can you use the API or reliably trick a copy action?

  • Stealthy: Users often don't realise they copied sensitive info.

  • Can Bypass CSRF Tokens: If the in-iframe action is legitimate.
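
To check your own responses for the two preconditions listed above (an iframeable page and cookies sent with SameSite=None), here is an added example that is not from the episode or the original write-up. The function names, the sample header values, and the lowercase header keys (as Node's http module reports them) are assumptions.

```javascript
// Added example. Header values in `samples` are constructed for illustration.

// Source lists of frame-ancestors, one per enforced CSP policy that has it.
function frameAncestors(cspValues) {
  const lists = [];
  for (const policy of cspValues.flatMap(v => v.split(','))) {
    for (const directive of policy.split(';')) {
      const [name, ...sources] = directive.trim().split(/\s+/);
      if (name.toLowerCase() !== 'frame-ancestors') continue;
      lists.push(sources.map(s => s.toLowerCase()));
      break; // a repeated directive inside one policy is ignored
    }
  }
  return lists;
}

// Names of cookies explicitly marked to be sent on cross-site requests.
function crossSiteCookies(setCookieValues) {
  return setCookieValues
    .filter(c => /;\s*samesite\s*=\s*none\s*(;|$)/i.test(c))
    .map(c => c.split('=')[0].trim());
}

function auditFraming(headers) {
  const get = name => [].concat(headers[name] ?? []);
  const lists = frameAncestors(get('content-security-policy'));
  let frameable;
  if (lists.length > 0) {
    // With frame-ancestors present, browsers skip X-Frame-Options entirely.
    const anyOrigin = s => s === '*' || /^https?:(\/\/\*)?$/.test(s);
    frameable = lists.every(list => list.some(anyOrigin));
  } else {
    // Only DENY and SAMEORIGIN protect; ALLOW-FROM is obsolete and ignored.
    const xfo = get('x-frame-options').flatMap(v => v.split(','));
    frameable = !xfo.some(v => /^(deny|sameorigin)$/i.test(v.trim()));
  }
  const cookies = crossSiteCookies(get('set-cookie'));
  return { frameable, cookies, exposed: frameable && cookies.length > 0 };
}

const samples = {
  hardened: { 'content-security-policy': "default-src 'self'; frame-ancestors 'none'",
              'set-cookie': ['sid=abc; Secure; HttpOnly; SameSite=Lax'] },
  cspWins:  { 'content-security-policy': 'frame-ancestors https:',
              'x-frame-options': 'DENY',
              'set-cookie': ['sid=abc; Secure; SameSite=None'] },
  legacy:   { 'x-frame-options': 'ALLOW-FROM https://partner.example',
              'set-cookie': ['sid=abc; Secure; SameSite=None', 'theme=dark'] },
};
for (const [name, h] of Object.entries(samples)) console.log(name, auditFraming(h));
```

The `cspWins` sample is the one to watch for in real configurations: a permissive frame-ancestors silently overrides an X-Frame-Options: DENY sent alongside it.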

Cool thread on X by @lefthanddraft, showcasing a few techniques like:

  • Tricking an LLM by faking the end of a data structure (like an email body) to inject your own commands.

  • Sometimes, you gotta tell the agent exactly which tool to use. If you've leaked system prompts or tool names before, this can be a clean way in.

Prompt injection is getting even more valuable now that Gemini can access a ton of personal information. Great tips!

Anthropic Bug Bounty Program

Anthropic is running an AI safety challenge - apply here or directly via this form.

They're looking for "universal jailbreaks" of their claude-4-opus model that can bypass safety measures for ASL-3 biological threats.

The task is to make their model provide detailed responses about isolating a virus. You can use existing or new jailbreak methods. If your prompt bypasses various safety measures, they’ll pay you a higher bounty; the better your prompt, the bigger the bounty.

img srcset

Here's a funny quirk: the src attribute is no longer required when srcset is present. Even more interesting is that you don't need either attribute if the <img> is nested inside a <picture> element that has a <source srcset>.
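
For sanitizer or filter authors, the consequence is that an image URL check has to cover srcset as well as src. The following added example (not from the episode or any particular sanitizer) puts a src-only check beside one that also parses srcset; `ALLOWED_HOSTS`, the function names and the attribute maps in `cases` are assumptions made for illustration.

```javascript
// Added example. Hosts and attribute maps are constructed for illustration.
const ALLOWED_HOSTS = new Set(['cdn.example.com']);

// Candidate URLs in a srcset value. Simplified from the HTML parsing rules:
// a URL runs to the next whitespace, trailing commas end the candidate, and
// a descriptor ("2x", "480w") runs to the next comma.
function srcsetUrls(value) {
  const urls = [];
  let i = 0;
  while (i < value.length) {
    while (i < value.length && /[\s,]/.test(value[i])) i++;  // skip separators
    const start = i;
    while (i < value.length && !/\s/.test(value[i])) i++;    // collect the URL
    const raw = value.slice(start, i);
    const url = raw.replace(/,+$/, '');
    if (url) urls.push(url);
    if (url.length === raw.length) {                         // skip descriptor
      while (i < value.length && value[i] !== ',') i++;
    }
  }
  return urls;
}

// Absolute https URL on an allowed host; anything unparsable is rejected.
function urlAllowed(raw) {
  let u;
  try { u = new URL(raw); } catch { return false; }
  return u.protocol === 'https:' && ALLOWED_HOSTS.has(u.hostname);
}

// Weak form: only src is inspected, so an element without src passes.
function srcOnlyAllowed(attrs) {
  return attrs.src === undefined || urlAllowed(attrs.src);
}

// Corrected form for <img> and <source>: every src and srcset URL must pass.
function imageAttrsAllowed(attrs) {
  const urls = [];
  if (attrs.src !== undefined) urls.push(attrs.src);
  if (attrs.srcset !== undefined) urls.push(...srcsetUrls(attrs.srcset));
  return urls.every(urlAllowed);
}

const cases = {
  imgNoSrc: { srcset: 'https://untrusted.example/x.png 1x' },
  pictureSource: { srcset: 'https://cdn.example.com/a.png 480w, https://untrusted.example/b.png 800w' },
  ok: { src: 'https://cdn.example.com/a.png', srcset: 'https://cdn.example.com/a.png 1x, https://cdn.example.com/a@2x.png 2x' },
};
for (const [name, a] of Object.entries(cases)) console.log(name, srcOnlyAllowed(a), imageAttrsAllowed(a));
```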

Google I/O + Tech News

Coding Agents:

Last week, both Google and OpenAI released coding agents that can basically read your GitHub and make a pull request for you; all you have to do is go read it later (and probably fix most of it).

It's a really good step in the right direction, and it will be really cool when these tools can check the code themselves, because sometimes you ask for something and the end result is completely different, or the feature doesn't do what you asked the LLM for. When this technology arrives, coding will become just a matter of asking for the features that you want in your app, creating a page design through some app like Canva or Affinity Designer, and giving it to the AI to implement it for us and validate that it does what you asked of it.

You can check out Google Jules and OpenAI Codex here.

Google Glasses V2:

We all probably remember Google’s Smart Glasses: they were really cool, but also bulky, and made you look like a Saiyajin. Google has now revealed how the next generation of Android XR-powered glasses will work: they're smarter, can be a lot lighter, and work from your phone instead of from the glasses themselves.

With a camera and a microphone attached to the glasses, Gemini will be able to assist you with a variety of tasks like calls, general assistant tasks, and who knows what else.

As an Android user, I’m really excited to use it. You can check this article about XR and this one about XR for glasses and headsets.

TLDR: Google released 100 things, so you got 100 things to hack. =)

Life of a Full-Time Bug Bounty Hunter

At the end, Rhyno and Rez0 discussed how full-time bug bounty affects your mental health, and how taking a step back and just being grateful for what you have at the moment can help you avoid stressing too much about always having to work more and more because everything depends on your performance.

That pressure can really wreck your work-life balance and keep you from enjoying the “freedom” that you wanted when you decided to go full-time on bug bounty. Never let other people’s judgment of your life dictate how much you should be working or not; there is no right or wrong when it comes to deciding whether to keep grinding and trying to achieve more, or to take some time to enjoy your life. You just need to remember to stay healthy and recall why you decided to work for yourself in the first place.

Things they mentioned

  • A fun thing they mentioned at the beginning of the episode is that Justin hosts a “hackalong” kind of event at his house for his friends, and they found a couple of bugs live in the first few minutes of demoing how web applications work! If you think this is a fun idea, you should probably consider doing it for your friends too; it really helps and also keeps you focused on the task.

  • Also, we’ll get more content from the Critical Research team soon!

That's a wrap, see you next week!

As always, keep hacking!