
0-days & HTMX-SS with Mathias (Ep. 68), 2 months ago





0-days & HTMX-SS with Mathias (Ep. 68)

Episode 68: In this episode of Critical Thinking - Bug Bounty Podcast Mathias is back with some fresh HTMX research, including CSP bypass using HTMX triggers, converting client-side response header injection to XSS, bypassing HTMX disable, and the challenges of using HTMX in larger applications and the potential performance trade-offs. We also talk about the results of his recent CTF Challenge, and explore some more facets of CDN-CGI functionality.

Follow us on Twitter at: / ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: [email protected]

Shoutout to / realytcracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater & Teknogeek on Twitter: / 0xteknogeek / rhynorater

Project Discovery Conference: https://nux.gg/hss24

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Guest: / avlidienbrunn

Resources:

Masato Kinugawa's research on Teams
https://speakerdeck.com/masatokinugaw... teams-and-got-150000-dollars-in-pwn2own?slide=33

subdomain-only 307 open redirect
https://avlidienbrunn.se/cdn-cgi/image/onerror=redirect/http://anything.avlidienbrunn.se

Timestamps

(00:00:00) Introduction
(00:05:18) CSP Bypass using HTML
(00:14:00) Converting client-side response header injection to XSS
(00:23:10) Bypassing hx-disable
(00:32:37) XSS-ing impossible elements
(00:38:22) CTF challenge Recap and knowing there's a bug
(00:51:53) hx-on (deprecated)
(00:54:30) CDN-CGI Research discussion
