ZERO DAILY

Hacking, AppSec, and Bug Bounty newsletter

2017-04-14 | The Internet of Broken Things, Google Play banking trojan, and inmates building computers in the ceiling

Friday, April 14

Have a good Friday!

TODAY’S TOP STORY

HACKTIVITY

  • Remote Code Execution (RCE) in a DoD website [15 upvotes] - no bounty for this report to Department of Defense by @joaomatosf. This was the hackers first report on HackerOne! You have a bright future, friend. DoD quote in summary “This was a very clever demonstration.”

  • Unfiltered `class` attribute in markdown code [ 8 upvotes] - no bounty for this report to GitLab by @skovorodan. Very cool to see the amount of work a researcher puts into the report, for the good of the internet. No monetary compensation, but credit for the hard work. Well done to all.

You can see all the latest and greatest disclosures and bounties on hackerone.com/hacktivity.

OTHER ARTICLES WE’RE READING

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com

“Whenever you find yourself on the side of the majority, it is time to pause and reflect.”
Mark Twain