Hacking, AppSec, and Bug Bounty newsletter

2017-04-27 | Pricey 0-days, Cloudflare’s Orbit, and Parlez-vous Fancy?

Thursday, April 27

Good morning!


  • 0-days are expensive. It’s econ 101: supply goes down while demand keeps rising, so prices rise. Cyberscoop’s recent article looks at this trend and reviews Symantec’s report. “Weaponizing an exploit in 2017 is much, much harder than it was even two to three years ago,” our CTO Alex Rice was quoted in the article. He continued: “This is ultimately good news. The software we rely on most consistently is getting significantly harder to exploit and vulnerabilities are far more rare.”


  • RCE by command line argument injection to `gm convert` in `/edit/process?a=crop` [80 upvotes] - $5,000 bounty for this report to Imgur by @neex. Summary in full: The y parameter of /edit/process endpoint (with a=crop) is vulnerable to command-line argument injection to something that appears to be GraphicsMagick utility (probably gm convert). Due to GraphicsMagick's hacker-friendly processing of |-starting filenames supplied to -write option, it leads to command execution.
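The fix pattern for this class of bug is to never let a request parameter reach the GraphicsMagick argument vector unvalidated. The snippet below is an added illustration written for this newsletter (not the Imgur handler or code from the report); the endpoint shape, `OUTPUT_DIR`, and the `w/h/x/y/out` parameter names are assumptions.

```python
import os
import re
import subprocess
from typing import List

# Assumed fixed output directory for crops (constructed for this example).
OUTPUT_DIR = "/var/app/edits"
_INT_RE = re.compile(r"^[0-9]{1,5}$")                       # digits only
_NAME_RE = re.compile(r"^[A-Za-z0-9_]{1,64}\.(png|jpg|gif)$")  # plain basename


def _require_int(name: str, value) -> int:
    # Allow-list check: a value like "|cmd" or "-write" is rejected here,
    # before it can ever be placed into gm's argument vector.
    if not isinstance(value, str) or not _INT_RE.fullmatch(value):
        raise ValueError(f"{name} must be a non-negative integer")
    return int(value)


def build_gm_crop_argv(params: dict, src: str) -> List[str]:
    # src is assumed to be a server-chosen path, not user input.
    w = _require_int("w", params.get("w", ""))
    h = _require_int("h", params.get("h", ""))
    x = _require_int("x", params.get("x", ""))
    y = _require_int("y", params.get("y", ""))
    out = params.get("out", "")
    if not isinstance(out, str) or not _NAME_RE.fullmatch(out):
        raise ValueError("out must be a plain basename with an image extension")
    # Anchoring the output under a fixed directory guarantees the filename gm
    # sees can never start with '|' (GraphicsMagick's pipe-to-command syntax)
    # or with '-' (which gm would parse as an option).
    dst = os.path.join(OUTPUT_DIR, out)
    geometry = f"{w}x{h}+{x}+{y}"          # gm -crop WxH+X+Y
    # Return an argv list: subprocess runs it without a shell, so no shell
    # parsing happens, and every element has already been validated.
    return ["gm", "convert", src, "-crop", geometry, dst]


def is_rejected(params: dict, src: str) -> bool:
    # Helper for checks: True when the parameters fail validation.
    try:
        build_gm_crop_argv(params, src)
        return False
    except ValueError:
        return True


def run_crop(params: dict, src: str) -> int:
    return subprocess.run(build_gm_crop_argv(params, src), check=False).returncode
```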

You can see all the latest and greatest disclosures and bounties on



Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email:

Get this email forwarded to you? Click here to subscribe to the Zero Daily


PC security does not work for IoT



HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty solutions encompass vulnerability assessment, crowdsourced security testing and responsible disclosure management. Discover more about our hacker powered security testing solutions or Contact Us today.