Episode 90: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin recap some of their recent hacking ups and downs and have a lively chat about Cursor. Then they cover some some research about SQL Injections, Clickjacking in Google Docs, and how to steal your Telegram account in 10 seconds.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Find the Hackernotes: https://blog.criticalthinkingpodcast.io/
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Shop our new swag store at ctbb.show/swag
Today’s Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.io/tldfinder
Resources:
Breaking Down Barriers: Exploiting Pre-Auth SQL Injection in WhatsUp Gold
Content-Type that can be used for XSS
Clickjacking Bug in Google Docs
Justin's Gadget Link
https://www.youtube.com/signin?next=https%3A%2F%2Faccounts.youtube.com%2Faccounts%2FSetSID%3Fcontinue%3Dhttps%3A%2F%2Fwww.google.com%252Famp%252fpoc.rhynorater.com
Stealing your Telegram account in 10 seconds flat
Timestamps
(00:00:00) Introduction
(00:08:28) Recent Hacks and Dupes
(00:14:00) Cursor
(00:25:02) Exploiting Pre-Auth SQL Injection in WhatsUp Gold
(00:34:17) Content-Type that can be used for XSS
(00:40:25) Caido updates
(00:43:14) Clickjacking in Google Docs, and Stealing Telegram account