Episode 140: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph give an update from The Crit Research Lab, as well as some writeups on postMessage vulnerabilities, Cookie Chaos, and more.Follow us on X at: https://x.com/ctbbpodcastGot any ideas and suggestions? Send us feedback at
[email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord!Get some hacker swag here!====== This Week in Bug Bounty ======Cross-site request forgeryHackerOne New Milestone ProgramEmail
[email protected] for media opportunities====== Resources ======Exploiting Web Worker XSS with BlobsCritical Research LabRez0's TweetCVE-2022-21703: cross-origin request forgery against GrafanaConversation about Forcing Quirks ModeAI Busniess Logic & POC or GTFOHunting postMessage Vulnerabilities – Part 1Hunting postMessage Vulnerabilities – Part 2Executive OffenseCookie Chaos: How to bypass Host and Secure cookie prefixes====== Timestamps ======(00:00:00) Introduction(00:05:48) Crit Research Update(00:13:00) Encouragement & Collaboration(00:19:37) Cross-origin request forgery & Anthropic's web fetch(00:29:17) Quirks Mode, AI Business Logic & POC or GTFO(00:44:21) Hunting postMessage & Claude Code browserbase(00:51:25) Community story, Executive Offense, & Cookie Chaos