Hacking, AppSec, and Bug Bounty newsletter

2017-05-05 | FlexiWHY, XSS for IE11, and telephony troubles

Friday, May 5

Cinco de Mayo on a Friday?! Today is bound to be amazing. Enjoy it!



  • Cloudflare based XSS for IE11 [16 upvotes] - swag award for this report to Cloudflare by @reactors08. Incredible responsiveness and communication from Cloudflare’s team, including this gem “I got ahold of a windows computer (unfortunately) and verified this works.” #bugbountyhumor

  • SSL Key Certificate expires [for] [1 upvote] - no bounty for this report to Dropbox by @honccbb. Closed as informative, but a key point here is the power of hacker-powered security: dozens of researchers combing your stack on the daily, who will let you know when your SSL Key Certs will expire in a few days. It’s like that friendly neighborhood watch.

Today’s hacker lesson is on “how to get banned from the platform”: submit reports like this

You can see all the latest and greatest disclosures and bounties on



Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.



The Law of Two Feet: Any time you're in a meeting where you're not contributing nor adding value--you are encouraged to use your two feet and find a place where you can.

Jonathan Opp,