Single Page Application Hacking Playbook (Ep 114)

Episode 114: In this episode of Critical Thinking - Bug Bounty Podcast we’re diving into SPAs and how to attack them. We also cover a host of news items, including some bug write-ups, AI updates, and a new tool called Hackadvisor.

Follow us on Twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]

Shoutout to https://twitter.com/realytcracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor: ThreatLocker Cloud Control - https://www.threatlocker.com/platform/cloud-control

====== Resources ======

Hacking High-Profile Bug Bounty Targets: Deep Dive into a Client-Side Chain
https://vitorfalcao.com/posts/hacking-high-profile-targets/

Research finds 12,000 ‘Live’ API Keys and Passwords in DeepSeek's Training Data
https://x.com/trufflesec/status/1895170902872223752

Hackadvisor
https://hackadvisor.io/programs

WP Extensions
https://x.com/yousukezan/status/1894703104421191835

Notebook LM
https://notebooklm.google/

Pressing Buttons with Popups
https://x.com/J0R1AN/status/1893667396658893125

Response to @RenwaX23
https://x.com/RenwaX23/status/1893709501393489976

Prompt Injection Attacks for Dummies
https://x.com/0xAsm0d3us/status/1896187800258830666

Shadow Repeater
https://portswigger.net/research/shadow-repeater-ai-enhanced-manual-testing

parallel-prettier
https://github.com/microsoft/parallel-prettier

====== Timestamps ======

(00:00:00) Introduction
(00:02:15) Bug Write-up from @busf4ctor
(00:09:44) Scanning Common Crawl
(00:16:30) Hackadvisor and WP/Chrome Extension News
(00:24:15) Notebook LM, and Recent AI Updates
(00:31:58) Write-up from @J0R1AN and Related POC from @RenwaX23
(00:38:10) Prompt Injection Attacks for Dummies
(00:42:29) ShadowRepeater
(00:47:04) Single-page applications