• Episode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCs

  • Sep 26 2024
  • Length: 52 mins
  • Podcast

Episode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCs

  • Summary

  • Episode 90: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin recap some of their recent hacking ups and downs and have a lively chat about Cursor. Then they cover some some research about SQL Injections, Clickjacking in Google Docs, and how to steal your Telegram account in 10 seconds.

    Follow us on twitter at: @ctbbpodcast

    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

    Shoutout to YTCracker for the awesome intro music!

    ------ Links ------

    Find the Hackernotes: https://blog.criticalthinkingpodcast.io/

    Follow your hosts Rhynorater & Teknogeek on twitter:

    https://twitter.com/0xteknogeek

    https://twitter.com/rhynorater

    ------ Ways to Support CTBBPodcast ------

    Hop on the CTBB Discord at https://ctbb.show/discord!

    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    Shop our new swag store at ctbb.show/swag

    Today’s Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.io/tldfinder

    Resources:

    Breaking Down Barriers: Exploiting Pre-Auth SQL Injection in WhatsUp Gold

    Content-Type that can be used for XSS

    Clickjacking Bug in Google Docs

    Justin's Gadget Link

    https://www.youtube.com/signin?next=https%3A%2F%2Faccounts.youtube.com%2Faccounts%2FSetSID%3Fcontinue%3Dhttps%3A%2F%2Fwww.google.com%252Famp%252fpoc.rhynorater.com

    Stealing your Telegram account in 10 seconds flat

    Timestamps

    (00:00:00) Introduction

    (00:08:28) Recent Hacks and Dupes

    (00:14:00) Cursor

    (00:25:02) Exploiting Pre-Auth SQL Injection in WhatsUp Gold

    (00:34:17) Content-Type that can be used for XSS

    (00:40:25) Caido updates

    (00:43:14) Clickjacking in Google Docs, and Stealing Telegram account

    Show More Show Less

What listeners say about Episode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCs

Average Customer Ratings

Reviews - Please select the tabs below to change the source of reviews.

In the spirit of reconciliation, Audible acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.