ZERO DAILY

Hacking, AppSec, and Bug Bounty newsletter

2017-05-02 | Dark Reading needs you, PDF spring cleaning, and ShellCode Stdio

Tuesday, May 2

Happy birthday, SQL. 43 years young and still going strong!

TOP STORY

  • Cartoons. They’re a powerful communication medium deployed by publications across the globe. Cartoons are said to be both "opinion-molding and opinion-reflecting". They provide subtle frameworks within which to examine the life and political processes of a nation. While that may be true, they’re also silly and enjoyable. Today, we focus on the latter. Dark Reading needs you to name that toon. Hone your wittiness and win a $25 Amazon gift card. Contest ends June 2.  

HACKTIVITY

  • use of unsafe host header leads to open redirect [11 upvotes] - $300 bounty for this report to Rockstar Games by @exception. Because HTTP_HOST is populated from the request's Host header, a client can set it to any value; an application that builds absolute URLs from it can be made to emit redirect links pointing at a host the client chose.

  • SIGABRT in only mirb [3 upvotes] - $800 bounty for this report to Shopify by @ston3.
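The Host-header open redirect in the Rockstar Games report above comes down to one pattern: an absolute URL assembled from `HTTP_HOST`. The example below is added here and is not code from the report or from HackerOne; it contrasts that pattern with a version that resolves the host from a configured allowlist and keeps the redirect path same-origin, plus a small log check for unexpected Host values. The host names, `ALLOWED_HOSTS`, `CANONICAL_HOST` and the log lines are constructed.

```python
from urllib.parse import urlsplit, urlunsplit

# Hosts this deployment actually serves (constructed example values).
ALLOWED_HOSTS = {"www.example-game.test", "example-game.test"}
CANONICAL_HOST = "www.example-game.test"


def build_redirect_unsafe(headers: dict, path: str) -> str:
    """The vulnerable pattern: the Host header (HTTP_HOST) is trusted verbatim,
    so whoever controls that header controls where the redirect points."""
    return f"https://{headers.get('Host', CANONICAL_HOST)}{path}"


def _safe_path(path: str) -> str:
    """Accept only a same-origin path: no scheme, no authority, no '//' or
    backslash tricks. Anything else collapses to '/'."""
    parts = urlsplit(path)
    if (parts.scheme or parts.netloc or "\\" in path
            or not path.startswith("/") or path.startswith("//")):
        return "/"
    return urlunsplit(("", "", parts.path, parts.query, ""))


def build_redirect_safe(headers: dict, path: str) -> str:
    """Hardened form: the host comes from an allowlist, never from the request
    alone, and the path is constrained to this origin."""
    host = headers.get("Host", "").split(":")[0].lower()
    if host not in ALLOWED_HOSTS:
        host = CANONICAL_HOST
    return f"https://{host}{_safe_path(path)}"


# Constructed access-log lines in a key=value format.
SAMPLE_LOG = [
    "ts=2017-05-02T10:00:00Z host=www.example-game.test path=/login status=302",
    "ts=2017-05-02T10:00:05Z host=not-our-site.test path=/login status=302",
    "ts=2017-05-02T10:00:09Z host=example-game.test:443 path=/ status=200",
]


def unexpected_hosts(log_lines):
    """Return Host values that are not ours: a cheap detection signal that
    Host-header handling is being probed."""
    flagged = []
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        host = fields.get("host", "").split(":")[0].lower()
        if host and host not in ALLOWED_HOSTS:
            flagged.append(host)
    return flagged
```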

You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity.

TWEET OF THE DAY

  • A security researcher discovered a 0-day vulnerability (SQL injection) in the Adobe Campaign service. Bounty $7.732. - @leoniemela

OTHER ARTICLES WE’RE READING

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com

Get this email forwarded to you? Click here to subscribe to the Zero Daily


Don’t do in code what you can get the SQL server to do well for you

SQLizer



HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty solutions encompass vulnerability assessment, crowdsourced security testing and responsible disclosure management. Discover more about our hacker powered security testing solutions or Contact Us today.