DiscoverCritical Thinking - Bug Bounty PodcastEpisode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots
Episode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots

Episode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots

Update: 2025-04-10
Share

Description

Episode 118: In this episode of Critical Thinking - Bug Bounty Podcast we cover a host of news, including clientside tidbits, “Credentialless” iframes, prototype pollution, and what constitutes a polyglot in llms.txt.

Follow us on X

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow Rhynorater and Rez0 on X

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

You can also find some hacker swag!

====== Resources ======

p4fg passed 1 Million!

/reports/:id.json - $25K Crit

Hacking Crypto pt1

The art of payload obfuscation

Analyzing the Next.js Middleware Bypass

Nahamsec's Merch store

llms.txt polyglot prompt injection

React Router and the Remix’ed path

Pre-Authentication SQL Injection in Halo ITSM

Pwning Millions of Smart Weighing Machines

MCP Server Oauth

Cline

“Credentialless” iframes

Tiny XSS Payloads

Types of Pollution

====== Timestamps ======

(00:00:00 ) Introduction

(00:05:56 ) Next.js Middleware bypass & Polyglots in llms.txt

(00:16:35 ) CPDoS on React Router

(00:24:26 ) Loose Types Sink Ships & Pwning Smart Scales

(00:32:30 ) MCP Server Oauth & Cline

(00:39:40 ) Clientside Tidbits & Prototype Pollutions

Comments 
loading
In Channel
Episode 152: GeminiJack and Agentic Security with Sasi Levi

Episode 152: GeminiJack and Agentic Security with Sasi Levi

2025-12-1101:21:36

Episode 151: Client-side Advanced Topics

Episode 151: Client-side Advanced Topics

2025-12-0401:07:26

Episode 150: ASP.NET MVC Patterns, Popping Oracle Identity, and Esoteric Subdomain Enumeration

Episode 150: ASP.NET MVC Patterns, Popping Oracle Identity, and Esoteric Subdomain Enumeration

2025-11-2757:20

Episode 149: DEFCON Debrief: AI Vulns, Unicode Weirdness, and Wild Vulnerability Chains

Episode 149: DEFCON Debrief: AI Vulns, Unicode Weirdness, and Wild Vulnerability Chains

2025-11-2001:02:33

Episode 148: MCP Hacking Guide

Episode 148: MCP Hacking Guide

2025-11-1332:26

Episode 147: Stupid Simple Hacking Workflow Tips

Episode 147: Stupid Simple Hacking Workflow Tips

2025-11-0658:48

Episode 146: Hacking Horror Stories

Episode 146: Hacking Horror Stories

2025-10-3001:50:38

Episode 145: Gr3pme's Secret: Bug Bounty Note Taking Methodology

Episode 145: Gr3pme's Secret: Bug Bounty Note Taking Methodology

2025-10-2328:17

Episode 144: Google’s Top AI Hackers: Busfactor and Monke

Episode 144: Google’s Top AI Hackers: Busfactor and Monke

2025-10-1652:40

Episode 143: New Cohost + Client-Side Gadgets, LHE Meta — Instant Global Admin in Entra!

Episode 143: New Cohost + Client-Side Gadgets, LHE Meta — Instant Global Admin in Entra!

2025-10-0901:04:23

Episode 142: Gr3pme's Full-Time Hunting Journey Update, Insane AI research, And Some Light News

Episode 142: Gr3pme's Full-Time Hunting Journey Update, Insane AI research, And Some Light News

2025-10-0254:50

Episode 141: Hacking the Pod - Google Docs 0-day & React CreateElement Exploits with Nick Copi (7urb0)

Episode 141: Hacking the Pod - Google Docs 0-day & React CreateElement Exploits with Nick Copi (7urb0)

2025-09-2501:23:31

Episode 140: Crit Research Lab Update & Client-Side Tricks Galore

Episode 140: Crit Research Lab Update & Client-Side Tricks Galore

2025-09-1857:41

Episode 139: James Kettle - Pwning in Prod & How to do Web Security Research

Episode 139: James Kettle - Pwning in Prod & How to do Web Security Research

2025-09-1102:21:51

Episode 138: Caido Tools and Workflows

Episode 138: Caido Tools and Workflows

2025-09-0422:39

Episode 137: How We Do AI-Assisted Whitebox Review, New CSPT Gadgets, and Tools from SLCyber

Episode 137: How We Do AI-Assisted Whitebox Review, New CSPT Gadgets, and Tools from SLCyber

2025-08-2849:09

Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable

Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable

2025-08-2150:53

Episode 135: Akamai's Ryan Barnett on WAFs, Unicode Confusables, and Triage Stories

Episode 135: Akamai's Ryan Barnett on WAFs, Unicode Confusables, and Triage Stories

2025-08-1401:26:21

Episode 134: XBOW - AI Hacking Agent and Human in the Loop with Diego Djurado

Episode 134: XBOW - AI Hacking Agent and Human in the Loop with Diego Djurado

2025-08-0401:53:35

Episode 133: Building Hacker Communities - Bug Bounty Village, getDisclosed, and the LHE Squad

Episode 133: Building Hacker Communities - Bug Bounty Village, getDisclosed, and the LHE Squad

2025-07-3101:16:12

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
1.0x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

Episode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots

Episode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots