Episode 130: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Valentino, who shares his journey from hacking Minecraft to becoming a Google hunter. He talks us through several bugs, including an HTML Sanitizer bypass and .NET deserialization, and highlights the hyper creative approaches he tends to employ.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today's Sponsor: ThreatLocker - Patch Management

https://www.criticalthinkingpodcast.io/TL-patch-management

Today’s Guest: Valentino - https://blog.3133700.xyz/

====== Resources ======

JMX Manager

Stored XSS in reclamos

Command Injection in Vertex AI

whitepaper-net-deser.pdf

free-after-use.go

A Journey Into Finding Vulnerabilities in the PMB Library Management System

emulated-register_globals.php

====== Timestamps ======

(00:00:00) Introduction

(00:02:38) JMXProxy Bug Story

(00:09:46) Intro to Valentino

(00:29:08) HTML Sanitizer bypass on MercadoLibre

(00:37:16) Command injection in Vertex AI

(00:44:10) .NET deserialization, & Argument injection to LFR, & Free after use

(00:51:33) Luck, creativity, and evolution as Hacker

(00:59:31) Issues in file extension validation components, Emulated register_globals, & AI Hacking