Hacking, AppSec, and Bug Bounty newsletter
2017-04-27 | Pricey 0-days, Cloudflare’s Orbit, and Parlez-vous Fancy?
Thursday, April 27
0-days are expensive. It’s econ 101. Supply goes down but demand keeps rising, prices rise. Cyberscoop’s recent article looks at this trend and reviewed Symantec’s report. “Weaponizing an exploit in 2017 is much, much harder than it was even two to three years ago,” our CTO Alex Rice was quoted in the article. He continued, “This is ultimately good news,” Rice said. “The software we rely on most consistently is getting significantly harder to exploit and vulnerabilities are far more rare.”
RCE by command line argument injection to `gm convert` in `/edit/process?a=crop` [80 upvotes] - $5,000 bounty for this report to Imgur by @neex. Summary in full: The y parameter of /edit/process endpoint (with a=crop) is vulnerable to command-line argument injection to something that appears to be GraphicsMagick utility (probably gm convert). Due to GraphicsMagick's hacker-friendly processing of |-starting filenames supplied to -write option, it leads to command execution.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity.
OTHER ARTICLES WE’RE READING
Cloudlfare introduces Orbit for IoT
Completely secure and proprietary email protocol! Nomx
AICPA has developed a cybersecurity risk management reporting framework
RCE in GE protection relays fixed
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
Get this email forwarded to you? Click here to subscribe to the Zero Daily
PC security does not work for IoT