Episode 88: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel tackle a whole slate of new research including a new cheat sheet for URL validation bypass from Portswigger, the introduction of Sanic DNS as a high-speed DNS resolver, xsstools, and the Dockerization of Orange Confusion Attacks. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: [email protected] Shoutout to YTCracker for the awesome intro music! ------ Links ------ Find the Hackernotes: https://blog.criticalthinkingpodcast.io/ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Shop our new swag store at ctbb.show/swag Resources URL Validation Bypass cheat sheet SanicDNS Orange Confusion Attacks WordPress GiveWP POP to RCE Xsstools Bypassing browser tracking protection Advanced iframe Magic DOM Clobbering https://www.ruhrsec.de/downloads/slides/Everything-You-Wanted-to-Know-About-DOM-Clobbering-But-Were-Afraid-to-Ask-Soheil-Khodayari-RuhrSec.pdf And https://domclob.xyz/domc_payload_generator/ Timestamps: (00:00:00) Introduction (00:02:00) URL validation bypass (00:07:41) SanicDNS and Orange confusion attacks (00:20:06) WordPress GiveWP POP to RCE (00:31:29) Xsstools (00:43:56) Bypassing browser tracking protection (00:52:06) DOM Clobbering and mixing up your approach