2017-05-02 | Dark Reading needs you, PDF spring cleaning, and ShellCode Stdio

Tuesday, May 2

Happy birthday, SQL. 43-years young and still going strong!

TOP STORY

Cartoons. They’re a powerful communication medium deployed by publications across the globe. Cartoons are said to be both "opinion-molding and opinion-reflecting". They provide subtle frameworks within which to examine the life and political processes of a nation. While that may be true, they’re also silly and enjoyable. Today, we focus on the latter. Dark Reading needs you to name that toon. Hone your wittiness and win a $25 Amazon gift card. Contest ends June 2.

HACKTIVITY

use of unsafe host header leads to open redirect [11 upvotes] - $300 bounty for this report to Rockstar games by @exception. Usage of HTTP_HOST which is variable and could be changed by sending different host header values could result in creation of malicious urls.
SIGABRT in only mirb [3 upvotes] - $800 bounty for this report to Shopify by @ston3.

You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity.

TWEET OF THE DAY

Security researcher discovered the service 0-day vulnerability (SQL injection) Adobe Campaign. Bounty $7.732. - @leoniemela

OTHER ARTICLES WE’RE READING

Spring cleaning. PDF metadata style.
Parents should be suspicious of their kids hugging their graphing calculators.
Debuggable, compiler optimized, position independent, x86 shellcode for windows platforms: ShellCode Stdio.
How to ask a technical question
Comprehensive report on ransomware from May 2016 – April 2017 (thanks David Balaban for sharing!) You can also see the data visualized.
These are cool: All computers are broken, ACAB Ts.

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com

Get this email forwarded to you? Click here to subscribe to the Zero Daily

Don’t do in code what you can get the SQL server to do well for you

SQLizer

HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty solutions encompass vulnerability assessment, crowdsourced security testing and responsible disclosure management. Discover more about our hacker powered security testing solutions or Contact Us today.