Hacking Happy Hour: 0days on Tap and SQLi Shots (Ep. 118)
Episode 118: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joseph cover a host of news and writeups, including clientside tidbits, “Credentialless” iframes, prototype pollution, and what constitutes a polyglot in llms.txt.

Follow us on Twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to realytcracker for the awesome intro music!

====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!

====== This Week In Bug Bounty ======
Congrats to p4fg for passing 1 Million! https://hackerone.com/p4fg
/reports/:id.json - $25K Crit https://hackerone.com/reports/3000510
Hacking Crypto pt1 https://www.bugcrowd.com/blog/hacking...
The art of payload obfuscation https://www.yeswehack.com/learn-bug-b...

====== Resources ======
Doing the Due Diligence: Analyzing the Next.js Middleware Bypass (CVE-2025-29927) https://slcyber.io/assetnote-security...
Nahamsec's Merch store https://merch.nahamsec.com/
llms.txt polyglot prompt injection example https://josephthacker.com/llms.txt
React Router and the Remix’ed path https://zhero-web-sec.github.io/resea...
Loose Types Sink Ships: Pre-Authentication SQL Injection in Halo ITSM https://slcyber.io/assetnote-security...
Pwning Millions of Smart Weighing Machines with API and Hardware Hacking https://spaceraccoon.dev/pwning-milli...
MCP Server Oauth https://x.com/tweetsbycolin/status/19...
Cline https://x.com/cline/status/1907186512...
“Credentialless” iframes https://developer.mozilla.org/en-US/d...
poc #1 https://poc.rhynorater.com/qt/test.ht...
poc #2 https://poc.rhynorater.com/qt/test.ht...
Tiny XSS Payloads https://tinyxss.terjanq.me/
Johan Carlsson's types of Pollution / discord

====== Timestamps ======
(00:00:00) Introduction
(00:05:56) Analyzing The Next.js Middleware bypass & Polyglots in llms.txt
(00:16:35) CPDoS on React Router
(00:24:26) Loose Types Sink Ships & Pwning Millions of Smart Weighing Machines
(00:32:30) MCP Server Oauth & Cline
(00:39:40) Clientside Tidbits
(00:49:50) Prototype Pollutions
(00:53:14) “Lack of Hard-coded User Confirmation in Sensitive Agent Action”