Jan 2024
1h 44m

Episode 55: Popping WordPress Plugins - ...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 55: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by WordPress security researcher Ram Gall to discuss both the functionality of WordPress plugins and the vulnerabilities commonly found in them.

Follow us on Twitter

Send us any feedback here:

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on Twitter:

------ Ways to Support CTBBPodcast ------

WordFence - Sign up as a researcher! https://ctbb.show/wf

---

Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.

Hop on the CTBB Discord

We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Guest:

Ramuel Gall

UpdraftPlus Vuln

XML-RPC PingBack

Unicode and Character Sets

Reflected XSS

POP Chain

WordpressPluginDirectory

Subscriber+ RCE in Elementor

Subscriber+ SSRF

Unauthed XSS via User-Agent header

Timestamps:

(00:00:00) Introduction

(00:05:55) Add_action & Nonces

(00:26:16) Add_filter & Register_rest_routes

(00:38:39) Page-related code & Shortcodes

(00:50:24) Top Sinks for WP

(01:02:19) Echo & SQLi Sinks

(01:15:07) Nonce Leak and wp_handle_upload

(01:18:16) Page variables & Pop Chains

(01:26:55) WP Escalations & Bug Reports
