Critical Thinking - Bug Bounty Podcast

Episode 110: Oauth Gadget Correlation and Common Attacks


Episode Artwork
1.0x
0% played 00:00 00:00
Feb 13 2025 49 mins   43
Other Episodes

Episode 110: In this episode of Critical Thinking - Bug Bounty Podcast we hit some quick news items including a DOMPurify 3.2.3 Bypass, O3 mini updates, and a cool postLogger Chrome Extension. Then, we hone in on OAuth vulnerabilities, API keys, and innovative techniques hackers use to exploit these systems.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]

Shoutout to https://x.com/realytcracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

====== Resources ======

DOMPurify 3.2.3 Bypass

Jason Zhou's post about O3 mini

Live Chat Blog #2: Cisco Webex Connect

postLogger Chrome Extension

postLogger Webstore Link

Common OAuth Vulnerabilities

nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover

Account Takeover using SSO Logins

Kai Greshake

====== Timestamps ======

(00:00:00) Introduction

(00:01:44) DOMPurify 3.2.3 Bypass

(00:06:37) O3 mini

(00:10:29) Ophion Security: Cisco Webex Connect

(00:15:54) Discord Community News

(00:19:12) postLogger Chrome Extension

(00:21:04) Common OAuth Vulnerabilities & Lessons learned from Google’s APIs

Download episode Share
Copy URL



Listen on Podcast Addict
Subscribe on Podcast Addict