Episode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots
Episode 118: In this episode of Critical Thinking - Bug Bounty Podcast we cover a host of news, including clientside tidbits, “Credentialless” iframes, prototype pollution, and what constitutes a polyglot in llms.txt.Follow us on XShoutout to YTCracker for the awesome intro music!====== Links ======Follow Rhynorater and Rez0 on X====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!You can also find some hacker swag!====== Resources ======p4fg passed 1 Million!/reports/:id.json - $25K CritHacking Crypto pt1The art of payload obfuscationAnalyzing the Next.js Middleware BypassNahamsec's Merch storellms.txt polyglot prompt injectionReact Router and the Remix’ed pathPre-Authentication SQL Injection in Halo ITSMPwning Millions of Smart Weighing MachinesMCP Server OauthCline“Credentialless” iframesTiny XSS PayloadsTypes of Pollution====== Timestamps ======(00:00:00) Introduction(00:05:56) Next.js Middleware bypass & Polyglots in llms.txt(00:16:35) CPDoS on React Router(00:24:26) Loose Types Sink Ships & Pwning Smart Scales(00:32:30) MCP Server Oauth & Cline(00:39:40) Clientside Tidbits & Prototype Pollutions