
Episode 171: Path-Scoped Cookie Hacks with Uppercase & Post-based Raw Protobuf XSS
From Critical Thinking - Bug Bounty Podcast by Justin Gardner (Rhynorater), Joseph Thacker (Rez0), & Brandyn Murtagh (gr3pme)
April 23, 2026 · 23 min · Season 1 · Episode 171
About this episode
In this episode, Justin shares quick hacking tips including clickjacking and the use of capital letters in path-scoped cookie hacks.
Episode 171: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives us some quick tips from his own hacking, including some clickjacking, using capital letters, and the potential value of leaking ages Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today's Sponsor: Check out ThreatLocker Ringfencing https://www.criticalthinkingpodcast.io/tl-rf ====== Resources ====== The ultimate Bug Bounty guide to OS command injection vulnerabilities…
People in this episode
Hosts: Justin Gardner, Joseph Thacker, Brandyn Murtagh
Topics covered
- bug bounty
- hacking tips
- clickjacking
- Protobuf XSS
- web security
- vulnerabilities
Keywords
- bug bounty
- hacking
- clickjacking
- XSS
- Protobuf
- security vulnerabilities
- web application security
Sponsors
ThreatLocker
Mentioned in this episode
Organizations: Critical Research Lab, YesWeHack
More episodes of Critical Thinking - Bug Bounty Podcast
- Episode 178: 600k in ~3 months - BruteCat pt 2 · June 11, 2026 · 1h 24m
- Episode 177: 2x Google RCE with VRP Legend Brutecat · June 4, 2026 · 1h 25m
- Episode 176: 600+ CVEs on Adobe AEM with Jim Green (GreenJam) · May 28, 2026 · 1h 51m
- Episode 175: Rhyno’s Hackbot Setup, Sick Bugs, and ZDI Drama · May 21, 2026 · 50 min
- Episode 174: Saving Bug Bounty Programs + AMPScript, tessl & GPT-5.5 · May 14, 2026 · 1h 10m
- Episode 173: Bug Bounty is Dead and AI Killed it. · May 7, 2026 · 1h 2m
Explore listener stats, chart rankings, contacts and more on the Critical Thinking - Bug Bounty Podcast podcast page.