Critical Thinking – Bug Bounty Podcast
Episode 55: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by Wordpress Security Researcher Ram Gall to discuss both functionality and vulnerabilities within Wordpress Plugins.
Follow us on twitter
Send us any feedback here:
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
------ Ways to Support CTBBPodcast ------
WordFence - Sign up as a researcher! https://ctbb.show/wf
---
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Hop on the CTBB Discord
We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today’s Guest:
Unauthed XSS via User-Agent header
Timestamps:
(00:00:00) Introduction
(00:05:55) Add_action & Nonces
(00:26:16) Add_filter & Register_rest_routes
(00:38:39) Page-related code & Shortcodes
(00:50:24) Top Sinks for WP
(01:02:19) Echo & SQLI Sinks
(01:15:07) Nonce Leak and wp_handle_upload
(01:18:16) Page variables & Pop Chains
(01:26:55) WP Escalations & Bug Reports