Episode 171: Path-Scoped Cookie Hacks with Uppercase & Post-based Raw Protobuf XSS

Episode 171: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives us some quick tips from his own hacking, including some clickjacking, using capital letters, and the potential value of leaking agesFollow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X:&nbsp;https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/&nbsp;====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: Check out ThreatLocker Ringfencinghttps://www.criticalthinkingpodcast.io/tl-rf====== Resources ======The ultimate Bug Bounty guide to OS command injection vulnerabilitieshttps://www.yeswehack.com/learn-bug-bounty/ultimate-guide-os-command-injection?utm_source=critical-thinking-podcast&amp;utm_medium=youtube&amp;utm_campaign=article-os-command-injectionCritical auth bypass in WordPress Azure AD SSO plugin due to missing OIDC id_token validationhttps://www.yeswehack.com/news/auth-bypass-wordpress-azure-plugin?utm_source=critical-thinking-podcast&amp;utm_medium=youtube&amp;utm_campaign=article-wordpress-bypass-pluginAituglo featured on YWHhttps://www.yeswehack.com/community/developer-aituglo-bug-bounty-storyAdobe will be sponsoring Ekoparty in Miami and hosting a live hacking event on May 21st<a href="https://ekoparty.org/ekoparty