logo
episode-header-image
Jun 2024
1h 34m

Episode 76: Match & Replace - HTTP Proxi...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 76: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about Match and Replace and the often overlooked use cases for it, like bypassing paywalls, modifying host headers, and storing payloads. We also talk about the HackerOne Ambassador World Cup and the issues with dupe submissions, and go through some write-ups.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today's Sponsor - Project Discovery: https://nux.gg/podcast

Resources

Zoom Session Takeover

https://nokline.github.io/bugbounty/2024/06/07/Zoom-ATO.html

SharePoint XXE

https://x.com/thezdi/status/1796207012520366552

Shazzer

https://shazzer.co.uk/

Timestamps:

(00:00:00) Introduction

(00:05:06) H1 Ambassador World Cup

(00:13:57) Zoom ATO bug

(00:33:28) SharePoint XXE

(00:39:36) Shazzer

(00:46:36) Match and Replace

(01:13:01) Match and Replace in Mobile

(01:21:13) Header Replacements

Up next
Yesterday
Episode 143: New Cohost + Client-Side Gadgets, LHE Meta — Instant Global Admin in Entra!
Episode 143: In this episode of Critical Thinking - Bug Bounty Podcast Justin brings Brandyn back to announce him as our newest co-host. We chat about recent LHE experiences, and then break down some news. Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and sugges ... Show More
1h 4m
Oct 2
Episode 142: Gr3pme's Full-Time Hunting Journey Update, Insane AI research, And Some Light News
Episode 142: In this episode of Critical Thinking - Bug Bounty Podcast Rez0 and Gr3pme join forces to discuss Websocket research, Meta’s $111750 Bug, PROMISQROUTE, and the opportunities afforded by going full time in Bug Bounty.Follow us on twitter at: https://x.com/ctbbpodcastGo ... Show More
54m 50s
Sep 25
Episode 141: Hacking the Pod - Google Docs 0-day & React CreateElement Exploits with Nick Copi (7urb0)
Episode 141: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Nick Copi to talk about CSPT, React, CSS Injections and how Nick hacked the pod.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any f ... Show More
1h 23m
Recommended Episodes
Feb 2024
Episode 119 - Dart Squad (Ft. 1Dime)
You are listening to this episode 1 week after it was released. To get episodes on time check out our Patreon!  Episode 120 is already available there: https://www.patreon.com/TheDeprogram Check out his work here:Controlled Opposition video: https://www.youtube.com/watch?v=7uPevW ... Show More
1h 16m
Feb 2024
Daily Fortnite Podcast 2089 - FNCS Grand Finals Results
-News -Challenges -Item Shop -Tip of the Day Support-A-Creator - mmmikieSupport Daily Fortnite - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠anchor.fm/daily-fortnite/support⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ... Show More
9m 7s
Nov 2023
Sports Podcasting On A National Level
“Think of our NFL network, it’s 38 podcasts. To source 38 podcasts, you don’t want eight different publishers and 38 different onboarding calls and invoices - it can be a nightmare. So for us, we like to just make it as easy for an advertiser as possible to activate with those mi ... Show More
44m 24s
Feb 2024
BTS | EP.148 - Valentine's Day Horror Stories ft ShxtsnGigs
Welcome to the Behind the Scenes podcast!Today we are joined by our first guests of the year...ShxtsnGigs!!Make sure you follow our page and like, comment, and share this episode with your friends and family if you enjoyed it! 0:00 - Intro02:13 - Who is Your Zaddy?10:55 - Dilemma ... Show More
1h 8m
Dec 2022
Internet Booby Traps
Today’s podcast features 3 separate, unique stories about the dangers of the internet. The audio from all three stories has been pulled from our main YouTube channel, which is just called "MrBallen," and has been remastered for today's podcast.Story names, previews & links to ori ... Show More
32m 55s
Jan 2024
Introducing On This Day in Working Class History: A new daily podcast from WCH
Introducing a brand-new daily podcast from the team at WCH. On This Day in Working Class History will be a brief reminder each morning of our collective struggles for a better world which have taken place on this date in history. Launching on 1 February on a trial basis, each epi ... Show More
2m 32s
Oct 2023
Listener Conspiracy Theories - Episode 124
Receive a 100% deposit match up to $100 when you the code "dummies" to sign up. https://play.underdogfantasy.com/p-crash-dummies Join Our Patreon For Exclusive Content: https://www.patreon.com/crashdummies Video Version: https://crashdummiespodcast.com 
1h 23m
Feb 2024
730: Own Your Own PaaS
Scott and Wes talk about the benefits of owning your own PaaS (platform as a service), the main alternatives in the space, and ways to make passion projects more financially viable. Show Notes 00:00 Welcome to Syntax! 01:12 Brought to you by Sentry.io. 01:56 What is a PaaS? NGINX ... Show More
57m 58s
Nov 2023
65. FIS highlights 1 - SNAP trial, AMR musical, S. aureus update, IPC in LMIC
Join Jame, Callum and Pals for a discussion on some highlights from FIS 2023: https://microbiologysociety.org/event/full-events-listing/federation-of-infection-societies-fis-conference.html Mentioned in episode: UCHL HLH protocol and referral details: https://www.uclh.nhs.uk/our- ... Show More
27m 34s
Feb 2024
BTS l EP.150 - "Platonic Friendships are a Myth!"
Welcome to the Behind the Scenes podcast! Make sure you follow our page and like, comment, and share this episode with your friends and family if you enjoyed it!  0:00 Intro 0:45 Dilemma32:57 How Was Your Week & Song of the Week47:00 Twitter Thread51:56 Hot Gist: Who TF Did I Mar ... Show More
1h 17m
Listen to millions of songs and podcasts on Anghami