Episode 77: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin discuss some fresh writeups including some MongoDB injections, ORMs, and exploits in Kakao and iOS before pivoting into a conversation about staying motivated and avoiding burnout while hunting. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: [email protected] Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Resources: MongoDB NoSQL Injection https://soroush.me/blog/2024/06/mongodb-nosql-injection-with-aggregation-pipelines/ Mongo DB Is Web Scale https://www.youtube.com/watch?v=b2F-DItXtZs 1-click Exploit in Kakao https://stulle123.github.io/posts/kakaotalk-account-takeover/ Unsecure time-based secret and Sandwich Attack https://www.aeth.cc/public/Article-Reset-Tolkien/secret-time-based-article-en.html Reset Tolkien https://github.com/AethliosIK/reset-tolkien iOS URL Scheme Hijacking Revamped https://evanconnelly.github.io/post/ios-oauth/ PLORMBING YOUR DJANGO ORM https://www.elttam.com/blog/plormbing-your-django-orm/#content Timestamps: (00:00:00) Introduction (00:02:07) MongoDB NoSQL Injection (00:12:42) 1-click Exploit in Kakao (00:33:21) Time-based secrets and Reset Tolkien (00:39:26) iOS URL Scheme Hijacking Revamped (00:51:42) ORMs (00:58:57) Community Bug Submission (01:07:45) Motivation, Mental Sharpness, and Burnout avoidance