Jan 2024
1h 44m

Episode 55: Popping WordPress Plugins - ...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 55: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by WordPress security researcher Ram Gall to discuss both functionality and vulnerabilities within WordPress plugins.

Follow us on Twitter

Send us any feedback here:

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on Twitter:

------ Ways to Support CTBBPodcast ------

WordFence - Sign up as a researcher! https://ctbb.show/wf

---

Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.

Hop on the CTBB Discord

We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Guest:

Ramuel Gall

UpdraftPlus Vuln

XML-RPC PingBack

Unicode and Character Sets

Reflected XSS

POP Chain

WordPress Plugin Directory

Subscriber+ RCE in Elementor

Subscriber+ SSRF

Unauthed XSS via User-Agent header

Timestamps:

(00:00:00) Introduction

(00:05:55) Add_action & Nonces

(00:26:16) Add_filter & Register_rest_routes

(00:38:39) Page-related code & Shortcodes

(00:50:24) Top Sinks for WP

(01:02:19) Echo & SQLI Sinks

(01:15:07) Nonce Leak and wp_handle_upload

(01:18:16) Page variables & Pop Chains

(01:26:55) WP Escalations & Bug Reports
