Hacking, AppSec, and Bug Bounty newsletter
2017-05-04 | GDocs Phishing, $21K bounty day, and HTTP What?
Thursday, May 4
May the 4thhhhhhhh be with you. Happy Star Wars day!
Phishing works (unfortunately), and a surprisingly convincing Google Docs phishing campaign has been spreading across the interwebs over the last few days. The lure was a third-party OAuth app whose display name mimicked Google Docs, so if you clicked "Allow" the fix is to revoke that app from your Google account's connected-apps list and not just change your password. You can read a little more about Phishing with Client Application Name Spoofing, but in the meantime, delete any email from “hhhhhhhhhhhh[at]company[dot]com” or anything from Eugene Pupov.
Markdown-based stored XSS (IE only) [5 upvotes] - reported to GitLab by @a0xnirudh, no bounty awarded. GitLab’s amazing team handled the bug very quickly and even posted the link to the merge request with the fix. Awesome!
$21,000 for 3 bugs - chaining bugs to get RCE, LFD (local file disclosure) and SQLi. The man is a legend. The man is @shubs.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity.
OTHER ARTICLES WE’RE READING
There’s malware in your burrito.
HBR wants you to stop using free public wifi. So do we.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
"Aren't you a little short for a stormtrooper?"
Princess Leia in A New Hope