Keybase disclosed on HackerOne: SOP bypass using browser cacheBlog post of the issue can be found here: https://enumerated.wordpress.com/2019/12/24/sop-bypass-via-browser-cache/
Introduction - Book of BugBounty Tips
Hi , This book is a collection of "BugBounty" Tips tweeted / shared by community people. It includes the tweets I collected over the past from Twitter , Google and Hastags and chances that few tips may be missing. I have categorized tips against each vulnerability classification and "will be updating" regularly. Each tweet has link to original tweet to read about others replies / comments. Huge "T
セキュリティ未経験だったけど入社1年目から Bug Bounty Program 運営に参加してみた
LINE株式会社 久保田 量大 (LINE セキュリティ室) セキュリティ未経験だったけど入社1年目から Bug Bounty Program 運営に参加してみた SECCON2017決勝大会での発表資料です。 https://2017.seccon.jp/news/seccon2017.html LINE Security Bug Bounty Programについて紹介します。 LINEはBug Bountyを2015年から始めて、国を問わずたくさんのバグハンターの方々に報告してもらっています。 そこで得た運用での知見や実際に報告された問題を共有します。 どうやって自社でBug Bountyをするのか?どうしてBug Bountyを行うのかと言った運用や動機の他、 Bug Bountyを知らなかった人や興味のある人でも楽しめるようにどうやってバグを見つけ、どのように報告すればよいかを紹
Shopify disclosed on HackerOne: SSRF in Exchange leads to ROOT...
Shopify infrastructure is isolated into subsets of infrastructure. @0xacb reported it was possible to gain root access to any container in one particular subset by exploiting a server side request forgery bug in the screenshotting functionality of Shopify Exchange. Within an hour of receiving the report, we disabled the vulnerable service, began auditing applications in all subsets and...
Rails Asset Pipeline Directory Traversal Vulnerability (CVE-2018-3760)
All previously released versions of Sprockets, the software that powers the Rails asset pipeline, contain a directory traversal vulnerability. This vulnerability has been assigned CVE-2018-3760. How do I know if I'm affected? Rails applications are vulnerable if they have this setting enabled in their application: # config/environments/production.rb config.assets.compile = true # setting to true m
#293689 Query parameter reordering causes redirect page to render unsafe URL
@kenziy found a reflected Cross-Site Scripting (XSS) vulnerability that was exploitable in Internet Explorer due to the CSP being ignored. The root cause of the vulnerability was rather interesting. In production, we had "Query String Sort" enabled in the Cloudflare caching settings. This is why we couldn't reproduce the same behavior in our local development environments. When Cloudflare...
1
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
Shopify disclosed on HackerOne: amazon aws s3 bucket content is...
GitHub - arkadiyt/bounty-targets-data: This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
Random Robbie on Twitter: "#BugBountyTip - If you find a LFI ignore /etc/passwd and go for /var/run/secrets/kubernetes.io/serviceaccount this… https://t.co/cvZt4HIMtl"
[BugBounty Tip] A good way to make money on one mistake. A picture that steals data.
HackerOne
LocalTapiola disclosed on HackerOne: Possible sweet32 lahitapiola.fi
GSA Bounty disclosed on HackerOne: SQL injection in...
Ford disclosed on HackerOne: Subdomain takeover on...
Node.js third-party modules disclosed on HackerOne: [node-srv] Path...
HackerOne
Shopify disclosed on HackerOne: subdomain Takeover at...
Greenhouse.io disclosed on HackerOne: Content Spoofing on...
Valve disclosed on HackerOne: Xss was found by exploiting the URL...
Valve disclosed on HackerOne: Link filter protection bypass