Bug Bounty Weekly
Sorry for the delay, but I have been quite busy the past two weeks; telling you that I only watched the first two episodes of Game of Thrones should be enough information for you to believe me ;)
Bugcrowd's 2nd Annual State of Bug Bounty Report
Some interesting numbers. If, like me, you don't like filling in forms, here is the link to the PDF.
Spotify is launching its public bug bounty
The maximum payout is $2500. Check this old report about using creative usernames to hijack Spotify accounts.
HackerOne API is available!
Go check the API documentation and how @GitHubSecurity uses it for chatops / process automation.
XSS Hunter is Now Open Source
A nice tool to find blind XSS. Now that it is open source you don't have to worry about your finding being sent to a third party.
P0rnHub revamps bug bounty, back pays cash, hires staff, after criticism
Pornhub has now modified the payout table to better align with the other public bounty programs.
Taking over Heroku accounts
@esevece found a nice CSRF in Heroku that could have been used to take over another user account.
Fixing Message Duplication in Messenger on Android
"Not all of our learning comes from complex security bugs. Sometimes, even simple configuration issues can show us how to make our products more secure."
Popping the Pornhub Cherry
One Pornhub server had a Memcache service running without authentication. The reward was retroactively increased to $2500.
SVG parser loads external resources on image upload
A classic CSRF when uploading an SVG file, awarded $500.
Trello: Payment information is sent to the webhook when a team changes its visibility
If an attacker installed a webhook on a team, and the team changed its visibility from private to public, the payload sent to the webhook contained the company's payment data.
Comprehensive resource on subdomain discovery, including public tools and tips on brute-forcing subdomains.
Web Storage: the lesser evil for session tokens
Is it safe to store session tokens using Web Storage instead of cookies? If you don't know the answer, go read this post; if you do, check it anyway, you'll probably learn a thing or two :)
Finding XSS vulnerabilities in Flash files
A great tutorial explaining how to find XSS inside Flash files.
SSRF bible. Cheatsheet
Everything you ever wanted to know about SSRF!
Looking for XSS in PHP Source Code - Fooling the Interpreter
A simple but effective approach to find XSS in PHP source code.
As always if you have any questions or suggestions please send an email to email@example.com or ping me on Twitter @TechbrunchFr or @BugBountyWeekly.
Thank you for subscribing and see you next week ;)
PS: If you like this week's issue but you are too busy to write a tweet, just click this link to share the love on Twitter.