Episode 68: 0-days & HTMX-SS with Mathias
Episode 68: In this episode of Critical Thinking - Bug Bounty Podcast, Mathias is back with some fresh HTMX research, including CSP bypass using HTMX triggers, converting client-side response header injection to XSS, bypassing HTMX disable, and the challenges of using HTMX in larger applications and the potential performance trade-offs. We also talk about the results of his recent CTF Challenge, and explore some more facets of CDN-CGI functionality.
Follow us on Twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on Twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Project Discovery Conference: https://nux.gg/hss24
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today’s Guest:
https://twitter.com/avlidienbrunn
Resources:
Masato Kinugawa's research on Teams
subdomain-only 307 open redirect
https://avlidienbrunn.se/cdn-cgi/image/onerror=redirect/http://anything.avlidienbrunn.se
Timestamps
(00:00:00) Introduction
(00:05:18) CSP Bypass using HTML
(00:14:00) Converting client-side response header injection to XSS
(00:23:10) Bypassing hx-disable
(00:32:37) XSS-ing impossible elements
(00:38:22) CTF challenge Recap and knowing there's a bug
(00:51:53) hx-on (deprecated)
(00:54:30) CDN-CGI Research discussion