Critical Thinking - Bug Bounty Podcast Episode 131: SL Cyber Writeups, Bug Bounty Metastrategy, and Orphaned Github Commits
5 snips
Jul 17, 2025 Dive into the world of collaborative hacking as experts discuss the thrill of teamwork in uncovering software vulnerabilities. Uncover the shocking scale of data exposed by a McDonald's chatbot flaw. Explore how to exploit .NET Nuke vulnerabilities and the nuances in prompt engineering for AI interactions. Learn about making the most of GitHub scans and the implications of orphan commits. Plus, discover new tools like Raycast for Windows and enhancements in Google Docs that can elevate bug bounty hunting!
AI Snips
Chapters
Transcript
Episode notes
Massive McDonald's Data Leak
- Ian Carroll and Sam Curry found an IDOR leaking 64 million McDonald's job applicant data.
- Default credentials enabled admin access to a chatbot managing this data, revealing a massive security lapse.
Cross-Customer XSS Insights
- Cross-customer vulnerabilities can arise when multiple tenants share hosted content on a common CDN subdomain.
- Manipulating path parsing and character normalization enables XSS bypasses on cloud platforms like AEM Cloud.
Export Notes as Markdown
- Use Google Docs' export as Markdown feature for clean, manageable notes.
- Markdown's simplicity suits bug bounty note-taking and workflow efficiency.