Hacking, AppSec, and Bug Bounty newsletter
2017-05-02 | Dark Reading needs you, PDF spring cleaning, and ShellCode Stdio
Tuesday, May 2
Happy birthday, SQL. 43 years young and still going strong!
Cartoons. They’re a powerful communication medium deployed by publications across the globe. Cartoons are said to be both "opinion-molding and opinion-reflecting". They provide subtle frameworks within which to examine the life and political processes of a nation. While that may be true, they’re also silly and enjoyable. Today, we focus on the latter. Dark Reading needs you to name that toon. Hone your wittiness and win a $25 Amazon gift card. Contest ends June 2.
use of unsafe host header leads to open redirect [11 upvotes] - $300 bounty for this report to Rockstar Games by @exception. HTTP_HOST is client-controlled: a request can carry any Host header value, so building URLs from it lets an attacker produce malicious URLs.
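To show the bug class behind that report, here is an added example (written for this newsletter, not code from the report or from Rockstar Games) that contrasts a redirect URL built straight from the Host header with one that only accepts hosts from a configured allowlist. The hostnames in ALLOWED_HOSTS and CANONICAL_HOST are constructed sample values, and the helper names are hypothetical.

```python
"""Open redirect via the Host header: the unsafe pattern next to an allowlisted one.

Added illustration, not the reported vulnerable code. Hostnames below are
constructed sample values.
"""
import re

# Constructed: the hostnames this application legitimately serves.
ALLOWED_HOSTS = {"app.example.com", "www.example.com"}
# Constructed: the host to fall back to when the Host header is not trusted.
CANONICAL_HOST = "app.example.com"

# A Host header is a hostname made of DNS labels, optionally followed by a port.
# Anything else (userinfo with "@", a path, a scheme, whitespace) is rejected.
HOST_RE = re.compile(
    r"^(?P<host>[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"
    r"(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)*)"
    r"(?::(?P<port>\d{1,5}))?$"
)


def unsafe_redirect_url(host_header, path):
    """The bug class: trust HTTP_HOST verbatim when building an absolute URL."""
    return "https://%s%s" % (host_header, path)


def trusted_host(host_header):
    """Return the allowlisted hostname from a Host header value, else the canonical host."""
    value = (host_header or "").strip().lower()
    match = HOST_RE.fullmatch(value)
    if match is None:
        return CANONICAL_HOST  # malformed or injected value (e.g. "good@evil")
    host = match.group("host")
    return host if host in ALLOWED_HOSTS else CANONICAL_HOST


def safe_path(path):
    """Keep only a local absolute path; "//host" and "/\\host" are themselves redirect vectors."""
    if not path or not path.startswith("/") or path.startswith("//") or path.startswith("/\\"):
        return "/"
    return path


def safe_redirect_url(host_header, path):
    """Build the redirect target from a validated host and a local path only."""
    return "https://%s%s" % (trusted_host(host_header), safe_path(path))


if __name__ == "__main__":
    # Constructed request: attacker-supplied Host header pointing at their own domain.
    print(unsafe_redirect_url("evil.example", "/login"))  # sends the user off-site
    print(safe_redirect_url("evil.example", "/login"))    # pinned to the canonical host
```

Detection-wise, the same allowlist check is a useful log signal: a request whose Host header fails `trusted_host` is either a misconfigured client or someone probing for exactly this bug, and is worth counting.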
SIGABRT in only mirb [3 upvotes] - $800 bounty for this report to Shopify by @ston3.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity.
TWEET OF THE DAY
Security researcher discovered a 0-day vulnerability (SQL injection) in the Adobe Campaign service. Bounty $7.732. - @leoniemela
OTHER ARTICLES WE’RE READING
Spring cleaning. PDF metadata style.
Parents should be suspicious of their kids hugging their graphing calculators.
Debuggable, compiler-optimized, position-independent x86 shellcode for Windows platforms: ShellCode Stdio.
Comprehensive report on ransomware from May 2016 to April 2017 (thanks David Balaban for sharing!). You can also see the data visualized.
These are cool: All computers are broken, ACAB Ts.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
Don’t do in code what you can get the SQL server to do well for you
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty solutions encompass vulnerability assessment, crowdsourced security testing and responsible disclosure management. Discover more about our hacker powered security testing solutions or Contact Us today.