Critical Thinking - Bug Bounty Podcast
Episode 116: Auth Bypasses and Google VRP Writeups
27 Mar 2025
Episode 116: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives a quick rundown of Portswigger’s SAML Roulette writeup, as well as some Google VRP reports, and a Next.js middleware exploit.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor: ThreatLocker Cloud Control - https://www.threatlocker.com/platform/cloud-control====== Resources ======SAML roulette: the hacker always winshttps://portswigger.net/research/saml-roulette-the-hacker-always-winsLoophole of getting Google Form associated with Google Spreadsheet with no editor/owner accesshttps://bughunters.google.com/reports/vrp/yBeFmSrJiLoophole to see the editors of a Google Document with no granted access(owner/editor) with just the fileid (can be obtained from publicly shared links with 0 access)https://bughunters.google.com/reports/vrp/7EhAw2hurCloud Tools for Eclipse - Chaining misconfigured OAuth callback redirection with open redirect vulnerability to leak Google OAuth Tokens with full GCP Permissionshttps://bughunters.google.com/reports/vrp/F8GFYGv4gNext.js, cache, and chains: the stale elixirhttps://zhero-web-sec.github.io/research-and-things/nextjs-cache-and-chains-the-stale-elixirNext.js and the corrupt middleware: the authorizing artifacthttps://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware====== Timestamps ======(00:00:00) Introduction(00:02:59) SAML roulette(00:13:08) Google bugs(00:20:16) Next.js and the corrupt middleware
No persons identified in this episode.
This episode hasn't been transcribed yet
Help us prioritize this episode for transcription by upvoting it.
Popular episodes get transcribed faster
Other recent transcribed episodes
Transcribed and ready to explore now
3ª PARTE | 17 DIC 2025 | EL PARTIDAZO DE COPE
01 Jan 1970
El Partidazo de COPE
13:00H | 21 DIC 2025 | Fin de Semana
01 Jan 1970
Fin de Semana
12:00H | 21 DIC 2025 | Fin de Semana
01 Jan 1970
Fin de Semana
10:00H | 21 DIC 2025 | Fin de Semana
01 Jan 1970
Fin de Semana
13:00H | 20 DIC 2025 | Fin de Semana
01 Jan 1970
Fin de Semana
12:00H | 20 DIC 2025 | Fin de Semana
01 Jan 1970
Fin de Semana