Blog post of the issue can be found here: https://enumerated.wordpress.com/2019/12/24/sop-bypass-via-browser-cache/
Hi, This book is a collection of "BugBounty" tips tweeted/shared by community people. It includes the tweets I collected over the past from Twitter, Google and hashtags, and chances are that a few tips may be missing. I have categorized tips against each vulnerability classification and "will be updating" regularly. Each tweet has a link to the original tweet to read others' replies/comments. Huge "T
LINE Corporation, Ryota Kubota (LINE Security Office). "I had no security background, but I joined the Bug Bounty Program operations in my first year at the company." Presentation slides from the SECCON2017 final. https://2017.seccon.jp/news/seccon2017.html This talk introduces the LINE Security Bug Bounty Program. LINE started its Bug Bounty in 2015 and has received reports from many bug hunters regardless of country. It shares the operational lessons learned there and the issues that were actually reported. Besides operations and motivation, such as how to run a Bug Bounty in-house and why to run one, it also covers how to find bugs and how to report them, so that even people who did not know about Bug Bounty or who are interested in it can enjoy it
Shopify infrastructure is isolated into subsets of infrastructure. @0xacb reported it was possible to gain root access to any container in one particular subset by exploiting a server side request forgery bug in the screenshotting functionality of Shopify Exchange. Within an hour of receiving the report, we disabled the vulnerable service, began auditing applications in all subsets and...
All previously released versions of Sprockets, the software that powers the Rails asset pipeline, contain a directory traversal vulnerability. This vulnerability has been assigned CVE-2018-3760. How do I know if I'm affected? Rails applications are vulnerable if they have this setting enabled in their application: # config/environments/production.rb config.assets.compile = true # setting to true m
@kenziy found a reflected Cross-Site Scripting (XSS) vulnerability that was exploitable in Internet Explorer due to the CSP being ignored. The root cause of the vulnerability was rather interesting. In production, we had "Query String Sort" enabled in the Cloudflare caching settings. This is why we couldn't reproduce the same behavior in our local development environments. When Cloudflare...