Jul 2024
1h 10m

Episode 79: The State of CSS Injection -...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 79: In this episode of Critical Thinking - Bug Bounty Podcast we take a deep dive into CSS injection and explore topics like sequential import chaining, font ligatures, and attribute exfiltration.

Follow us on twitter at: @ctbbpodcast

Send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Resources:

SpaceRaccoon's Universal Code Execution Extensions

Escalating Client Side Path Traversal

Full-time Bug Bounty Blueprint

Sequential Import Chaining

CSS Exfiltration

Link that Justin was talking about

Font Ligatures

Lava Dome bypass

Stealing Data in Great Style

Steal Script Contents

Masato Kinugawa's tweet

Attacking with Just CSS

CSS Injection Primitives

Timestamps:

(00:00:00) Introduction

(00:02:32) Universal Code Execution

(00:11:32) Escalating Client Side Path Traversal

(00:16:56) Justin's Defcon talk & Bug Bounty Blueprint

(00:23:32) CSS Injection

(00:39:23) Font Ligatures

(00:54:30) Descent Override and display:block
