Categories

5k Clickjacking, Encryption Oracles, and Cursor for PoCs (Ep. 90)

Published: 26 September 2024
on channel: Critical Thinking - Bug Bounty Podcast
1,842
71

Episode 90: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin recap some of their recent hacking ups and downs and have a lively chat about Cursor. Then they cover some some research about SQL Injections, Clickjacking in Google Docs, and how to steal your Telegram account in 10 seconds.

Follow us on twitter at:   / ctbbpodcast  
We're new to this podcasting thing, so feel free to send us any feedback here: [email protected]

Shoutout to   / realytcracker   for the awesome intro music!

====== Links ======
Find the Hackernotes: https://blog.criticalthinkingpodcast.io/
Follow your hosts Rhynorater & Teknogeek on twitter:
  / 0xteknogeek  
  / rhynorater  

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Shop our new swag store at http://ctbb.show/swag
Today’s Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.i...

Resources:
Breaking Down Barriers: Exploiting Pre-Auth SQL Injection in WhatsUp Gold
https://summoning.team/blog/progress-...

Content-Type that can be used for XSS
https://github.com/BlackFan/content-t...

Clickjacking Bug in Google Docs
https://x.com/rebane2001/status/18366...

Justin's Gadget Link
https://www.youtube.com/signin?next=h...

Stealing your Telegram account in 10 seconds flat
https://lyra.horse/blog/2024/05/steal...


Timestamps
(00:00:00) Introduction
(00:08:28) Recent Hacks and Dupes
(00:14:00) Cursor
(00:25:02) Exploiting Pre-Auth SQL Injection in WhatsUp Gold
(00:34:17) Content-Type that can be used for XSS
(00:40:25) Caido updates
(00:43:14) Clickjacking in Google Docs, and Stealing Telegram account

Watch video 5k Clickjacking, Encryption Oracles, and Cursor for PoCs (Ep. 90) online without registration, duration hours minute second in high quality. This video was added by user Critical Thinking - Bug Bounty Podcast 26 September 2024, don't forget to share it with your friends and acquaintances, it has been viewed on our site 1,84 once and liked it 7 people.

play_arrow
41,37
52

Is Shopify Dropshipping Actually Difficult? My Honest Answer For Beginners

Is Shopify Dropshipping Actually Difficult? My Honest Answer For Beginners
play_arrow
37
1

Interior design Timelapse Vray Render 3ds max tutorials for beginners in Tamil

Interior design Timelapse Vray Render 3ds max tutorials for beginners in Tamil
play_arrow

The Walking Dead Season 2 Part 30

The Walking Dead Season 2 Part 30
play_arrow
58,65
2.7K

Русская школьница жестоко избита мигрантом ради лайков! Куда смотрит школа?!

Русская школьница жестоко избита мигрантом ради лайков! Куда смотрит школа?!
play_arrow
5,768,82
122K

Raw oysters

Raw oysters

play_arrow
3,809,88
123K

COMPLETA💫Venganza contra el infiel y su mejor amiga | Cásate con mi esposo | MANHWA COMPLETO

COMPLETA💫Venganza contra el infiel y su mejor amiga | Cásate con mi esposo | MANHWA COMPLETO
play_arrow
1

Water heater electrocution V2 (updated)

Water heater electrocution V2 (updated)
play_arrow
26

Ic3 Fr0g Gaming🇰🇭 VS Noobie GMK🇰🇭 Full GamePlay(Player Unknow Battle Ground)

Ic3 Fr0g Gaming🇰🇭 VS Noobie GMK🇰🇭 Full GamePlay(Player Unknow Battle Ground)
Related
play_arrow
Zendesk Fiasco & the CTBB Naughty List (Ep. 94)

Zendesk Fiasco & the CTBB Naughty List (Ep. 94)
play_arrow
Why note taking is good for your health!

Why note taking is good for your health!
play_arrow
My struggle with LHE burnout!

My struggle with LHE burnout!
play_arrow
Is THIS the most underrated skill in bug bounty?

Is THIS the most underrated skill in bug bounty?
play_arrow
I ignored SSRF for too long...

I ignored SSRF for too long...
play_arrow
A Chat with Dr. Bouman - Life as a Hacker and a Doctor (Ep.93)

A Chat with Dr. Bouman - Life as a Hacker and a Doctor (Ep.93)
play_arrow
The BEST bugs for new hunters (with @gr3pme)

The BEST bugs for new hunters (with @gr3pme)
play_arrow
When IoT hacking meets Indiana Jones!

When IoT hacking meets Indiana Jones!
play_arrow
Want to learn hardware hacking? Try this.

Want to learn hardware hacking? Try this.
play_arrow
Plain text session tokens... ON FACEBOOK!?

Plain text session tokens... ON FACEBOOK!?
play_arrow
SAML XPath Confusion, Chinese DNS Poisoning, and AI Powered 403 Bypasser (Ep. 92)

SAML XPath Confusion, Chinese DNS Poisoning, and AI Powered 403 Bypasser (Ep. 92)
play_arrow
Be careful what you sell on eBay!

Be careful what you sell on eBay!
play_arrow
POCs failing? Here’s the problem AND the fix.

POCs failing? Here’s the problem AND the fix.
play_arrow
PHP stripslashes() DOESN'T strip slashes!?

PHP stripslashes() DOESN'T strip slashes!?
play_arrow
Zero to LHE in 9 Months (feat gr3pme) (Ep. 91)

Zero to LHE in 9 Months (feat gr3pme) (Ep. 91)
play_arrow
PortSwigger's new release is a BANGER!

PortSwigger's new release is a BANGER!
play_arrow
How 25 characters can get you a SHELL!

How 25 characters can get you a SHELL!
play_arrow
UNBELIEVABLE OS Command Injection technique!? 😱

UNBELIEVABLE OS Command Injection technique!? 😱
play_arrow
Using x-request-id to access ANY account via Header Injection!

Using x-request-id to access ANY account via Header Injection!
play_arrow
5k Clickjacking, Encryption Oracles, and Cursor for PoCs (Ep. 90)

5k Clickjacking, Encryption Oracles, and Cursor for PoCs (Ep. 90)
play_arrow
Exploiting X-REQUEST-ID to write PHP in /var/www!

Exploiting X-REQUEST-ID to write PHP in /var/www!
play_arrow
RELATIONSHIP HACKS for bug bounty hunters.

RELATIONSHIP HACKS for bug bounty hunters.
play_arrow
How does Justin STAY MOTIVATED? Here's how.

How does Justin STAY MOTIVATED? Here's how.
play_arrow
How long does it take to find a bug in a new scope?

How long does it take to find a bug in a new scope?