ZERO DAILY

Hacking, AppSec, and Bug Bounty newsletter

2017-04-27 | Pricey 0-days, Cloudflare’s Orbit, and Parlez-vous Fancy?

Thursday, April 27

Good morning!

TOP STORY

  • 0-days are expensive. It’s econ 101. Supply goes down but demand keeps rising, prices rise. Cyberscoop’s recent article looks at this trend and reviewed Symantec’s report. “Weaponizing an exploit in 2017 is much, much harder than it was even two to three years ago,” our CTO Alex Rice was quoted in the article. He continued, “This is ultimately good news,” Rice said. “The software we rely on most consistently is getting significantly harder to exploit and vulnerabilities are far more rare.”

HACKTIVITY

  • RCE by command line argument injection to `gm convert` in `/edit/process?a=crop` [80 upvotes] - $5,000 bounty for this report to Imgur by @neex. Summary in full: The y parameter of /edit/process endpoint (with a=crop) is vulnerable to command-line argument injection to something that appears to be GraphicsMagick utility (probably gm convert). Due to GraphicsMagick's hacker-friendly processing of |-starting filenames supplied to -write option, it leads to command execution.

You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity.

OTHER ARTICLES WE’RE READING

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com

Get this email forwarded to you? Click here to subscribe to the Zero Daily

 

PC security does not work for IoT

Cloudflare