logo
episode-header-image
Apr 2025
58m 29s

Episode 118: Hacking Happy Hour: 0days ...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 118: In this episode of Critical Thinking - Bug Bounty Podcast we cover a host of news, including clientside tidbits, “Credentialless” iframes, prototype pollution, and what constitutes a polyglot in llms.txt.

Follow us on X

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow Rhynorater and Rez0 on X

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

You can also find some hacker swag!

====== Resources ======

p4fg passed 1 Million!

/reports/:id.json - $25K Crit

Hacking Crypto pt1

The art of payload obfuscation

Analyzing the Next.js Middleware Bypass

Nahamsec's Merch store

llms.txt polyglot prompt injection

React Router and the Remix’ed path

Pre-Authentication SQL Injection in Halo ITSM

Pwning Millions of Smart Weighing Machines

MCP Server Oauth

Cline

“Credentialless” iframes

Tiny XSS Payloads

Types of Pollution

====== Timestamps ======

(00:00:00) Introduction

(00:05:56) Next.js Middleware bypass & Polyglots in llms.txt

(00:16:35) CPDoS on React Router

(00:24:26) Loose Types Sink Ships & Pwning Smart Scales

(00:32:30) MCP Server Oauth & Cline

(00:39:40) Clientside Tidbits & Prototype Pollutions

Up next
Yesterday
Episode 143: New Cohost + Client-Side Gadgets, LHE Meta — Instant Global Admin in Entra!
Episode 143: In this episode of Critical Thinking - Bug Bounty Podcast Justin brings Brandyn back to announce him as our newest co-host. We chat about recent LHE experiences, and then break down some news. Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and sugges ... Show More
1h 4m
Oct 2
Episode 142: Gr3pme's Full-Time Hunting Journey Update, Insane AI research, And Some Light News
Episode 142: In this episode of Critical Thinking - Bug Bounty Podcast Rez0 and Gr3pme join forces to discuss Websocket research, Meta’s $111750 Bug, PROMISQROUTE, and the opportunities afforded by going full time in Bug Bounty.Follow us on twitter at: https://x.com/ctbbpodcastGo ... Show More
54m 50s
Sep 25
Episode 141: Hacking the Pod - Google Docs 0-day & React CreateElement Exploits with Nick Copi (7urb0)
Episode 141: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Nick Copi to talk about CSPT, React, CSS Injections and how Nick hacked the pod.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any f ... Show More
1h 23m
Recommended Episodes
Mar 2016
Episode 214: 214: Atrophic Cohost
Sean, Kyle, and a chorus of small frogs discuss the Game Developers Conference, eating alone, atrophic organs, Slack vs Basecamp, the cost of abstractions, and tips for adding new team members. Braintree: An easy way to accept multiple payment types with one integration. Quick, k ... Show More
1h 23m
Sep 14
455: The Chicken Killer | The Official Podcast
Get 25% off HelixSleep sitewide: go to https://www.helixsleep.com/official Get 25% off your Fitbod subscription or try the app for free: go to https://www.fitbod.me/official Get additional episodes and bonus content with early access (try now with 7 DAYS FREE): go to https://www. ... Show More
1h 41m
Aug 13
How to Prompt GPT-5
Nearly a week into the GPT-5 era, users are still divided on its quality—but one thing’s clear: it’s more steerable than any previous model, and prompts make or break results. In this episode, we cut through the debate and share 11 practical prompting techniques you can use right ... Show More
29m 42s
Sep 29
#521: Red Teaming LLMs and GenAI with PyRIT
English is now an API. Our apps read untrusted text; they follow instructions hidden in plain sight, and sometimes they turn that text into action. If you connect a model to tools or let it read documents from the wild, you have created a brand new attack surface. In this episode ... Show More
1h 2m
Feb 2025
Freaky Friday: Episode 150
My Dog Found a Dead Body; Getting Away Twice; Precognitive Phenomena? And the Work Conference from Hell; Tales from the Night Shift; Knock, Knock, Knock; and The Time my Dog Caught a Fugitive. Get your fan code today, and grab your tickets starting Feb. 7 to join us for CrimeWave ... Show More
1h 15m
Jan 2025
10 Tools To Make 2025 Your Best Year Yet: Habits & Mindset Shifts Ft. Michael & Lauryn Bosstick
#792: New Year, New Goals – Make 2025 Your Best Year Yet! Join Michael & Lauryn Bosstick as they sit down to discuss their goals & intentions for the New Year, sharing actionable habits & meaningful changes to inspire your own journey. They cover everything from setting personal ... Show More
48m 25s
Feb 2025
96. Love is Blind S8 Eps. 1-6 Recap: Most Boring Season Yet?!
00:00 - LiB S8 Eps 1-6 Initial Reactions 09:10 - Early Season 8 Favorites 49:15 - Competing for Screen Time on LiB 55:39 - Episode 6 Cliffhanger Theories This episode is sponsored by: - Bumble: Wanna date on your terms? Date your way, on Bumble.  - Allara Health: Allara Health: G ... Show More
1h 4m
Listen to millions of songs and podcasts on Anghami