
Episode 168: XSSDoctor - Client-side Path Traversal Research
From Critical Thinking - Bug Bounty Podcast by Justin Gardner (Rhynorater), Joseph Thacker (Rez0), & Brandyn Murtagh (gr3pme)
April 2, 2026 · 1h 36m · Season 1 · Episode 168
About this episode
In this episode, the hosts are joined by Jonathan, the XSS Doctor, to discuss client-side workflows and diagnose bugs live.
Episode 168: In this episode of Critical Thinking - Bug Bounty Podcast we’re getting a visit from the XSS Doctor. Jonathan joins us to go through his Client-side workflow, run labs, and diagnose some bugs live. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Guest: https://x.com/xssdoctor ====== Resources ====== The Dot-Dot-Slash That Frameworks Hand You: CSPT Across Every Major Frontend Framework https://lab.ctbb.show/research/the-dot-dot-slash-that-frameworks-hand-you URL validation bypass cheat sheet…
People in this episode
Hosts: Rhynorater, rez0, gr3pme
Guest: Jonathan
Topics covered
- Client-side Path Traversal
- Bug Bounty
- XSS
- Web Security
- Home Automation
- E-signature
Keywords
- XSS
- Client-side
- Path Traversal
- Bug Bounty
- Web Security
- E-signature
- Home Automation
- CSPT
Mentioned in this episode
Organizations: XSSDoctor, YTCracker, Critical Research Lab, PortSwigger
More episodes of Critical Thinking - Bug Bounty Podcast
- Episode 178: 600k in ~3 months - BruteCat pt 2 · June 11, 2026 · 1h 24m
- Episode 177: 2x Google RCE with VRP Legend Brutecat · June 4, 2026 · 1h 25m
- Episode 176: 600+ CVEs on Adobe AEM with Jim Green (GreenJam) · May 28, 2026 · 1h 51m
- Episode 175: Rhyno’s Hackbot Setup, Sick Bugs, and ZDI Drama · May 21, 2026 · 50 min
- Episode 174: Saving Bug Bounty Programs + AMPScript, tessl & GPT-5.5 · May 14, 2026 · 1h 10m
- Episode 173: Bug Bounty is Dead and AI Killed it. · May 7, 2026 · 1h 2m
Explore listener stats, chart rankings, contacts and more on the Critical Thinking - Bug Bounty Podcast podcast page.